{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-7401", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "state": "PUBLISHED", "assignerShortName": "Netskope", "dateReserved": "2024-08-02T07:20:21.411Z", "datePublished": "2024-08-26T16:36:40.915Z", "dateUpdated": "2024-08-28T05:57:46.160Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Netskope Client", "product": "Netskope Client", "vendor": "Netskope", "versions": [{"status": "unknown", "version": "All"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Sander di Wit"}], "datePublic": "2024-08-26T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(248, 248, 248);\">Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user.</span>\n\n<p></p>"}], "value": "Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."}], "value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.5, "baseSeverity": "HIGH", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2024-08-28T05:57:46.160Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001"}, {"tags": ["patch"], "url": "https://docs.netskope.com/en/secure-enrollment/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/secure-enrollment/\">https://docs.netskope.com/en/secure-enrollment/</a> <br>"}], "value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide -  https://docs.netskope.com/en/secure-enrollment/"}], "source": {"advisory": "NSKPSA-2024-001", "discovery": "USER"}, "title": "Client Enrollment Process Bypass", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: <br><ul><li>Enable device compliance and device classification</li><li>Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.</li></ul>"}], "value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \n  *  Enable device compliance and device classification\n  *  Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-26T17:34:17.761636Z", "id": "CVE-2024-7401", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T17:35:05.399Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-7401", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-26T17:34:17.761636Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-26T17:34:39.297Z"}}], "cna": {"title": "Client Enrollment Process Bypass", "source": {"advisory": "NSKPSA-2024-001", "discovery": "USER"}, "credits": [{"lang": "en", "type": "finder", "value": "Sander di Wit"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Netskope", "product": "Netskope Client", "versions": [{"status": "unknown", "version": "All"}], "packageName": "Netskope Client", "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any.", "supportingMedia": [{"type": "text/html", "value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any.", "base64": false}]}], "solutions": [{"lang": "en", "value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide -  https://docs.netskope.com/en/secure-enrollment/", "supportingMedia": [{"type": "text/html", "value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/secure-enrollment/\">https://docs.netskope.com/en/secure-enrollment/</a> <br>", "base64": false}]}], "datePublic": "2024-08-26T16:00:00.000Z", "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001", "tags": ["vendor-advisory"]}, {"url": "https://docs.netskope.com/en/secure-enrollment/", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \n  *  Enable device compliance and device classification\n  *  Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.", "supportingMedia": [{"type": "text/html", "value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: <br><ul><li>Enable device compliance and device classification</li><li>Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.</li></ul>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(248, 248, 248);\">Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user.</span>\n\n<p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2024-08-28T05:57:46.160Z"}}}, "cveMetadata": {"cveId": "CVE-2024-7401", "state": "PUBLISHED", "dateUpdated": "2024-08-28T05:57:46.160Z", "dateReserved": "2024-08-02T07:20:21.411Z", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "datePublished": "2024-08-26T16:36:40.915Z", "assignerShortName": "Netskope"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*", "matchCriteriaId": "6839F225-C83A-4132-8802-E088178691C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user."}, {"lang": "es", "value": "Netskope fue notificado sobre una brecha de seguridad en el proceso de inscripci\u00f3n del Cliente Netskope donde NSClient utiliza un token est\u00e1tico \"Orgkey\" como par\u00e1metro de autenticaci\u00f3n. Dado que este token est\u00e1tico, si se filtra, no se puede rotar ni revocar. Un actor malintencionado puede utilizar este token para inscribir NSClient desde el inquilino de un cliente y hacerse pasar por un usuario."}], "id": "CVE-2024-7401", "lastModified": "2024-09-05T18:34:17.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "LOW", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "HIGH"}, "source": "psirt@netskope.com", "type": "Secondary"}]}, "published": "2024-08-26T17:15:06.987", "references": [{"source": "psirt@netskope.com", "tags": ["Product"], "url": "https://docs.netskope.com/en/secure-enrollment/"}, {"source": "psirt@netskope.com", "tags": ["Vendor Advisory"], "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001"}], "sourceIdentifier": "psirt@netskope.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "psirt@netskope.com", "type": "Secondary"}]}

{}