Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Netskope 安全漏洞
Vulnerability Description
Netskope是美国Netskope公司的一款应用于云环境的威胁防护网关。 macOS 上 89.x 之前版本的 Netskope 客户端存在安全漏洞,该漏洞源于sAuxiliarySvc 进程的 XPC 实现在接受连接之前不会对新连接执行验证。 因此,任何低权限用户都可以以 root 身份连接和调用 XPC 服务中定义的外部方法,将他们的权限提升到最高级别。
CVSS Information
N/A
Vulnerability Type
N/A