CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7401

Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.1%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2024-7401

Netskope » Netskope » Version: 100

cpe:2.3:a:netskope:netskope:100
Netskope » Netskope » Version: 101

cpe:2.3:a:netskope:netskope:101
Netskope » Netskope » Version: 57

cpe:2.3:a:netskope:netskope:57
Netskope » Netskope » Version: 57.2.0.219

cpe:2.3:a:netskope:netskope:57.2.0.219
Netskope » Netskope » Version: 60

cpe:2.3:a:netskope:netskope:60
Netskope » Netskope » Version: 60.2.0.214

cpe:2.3:a:netskope:netskope:60.2.0.214
Netskope » Netskope » Version: 75.0

cpe:2.3:a:netskope:netskope:75.0
Netskope » Netskope » Version: 77

cpe:2.3:a:netskope:netskope:77
Netskope » Netskope » Version: 78

cpe:2.3:a:netskope:netskope:78
Netskope » Netskope » Version: 91.0.0

cpe:2.3:a:netskope:netskope:91.0.0
Netskope » Netskope » Version: 95

cpe:2.3:a:netskope:netskope:95
Netskope » Netskope » Version: 99

cpe:2.3:a:netskope:netskope:99

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7401

Products

Pricing

Contact Us