Netskope Client Enrollment Bypass Vulnerability CVE-2024-7401 Advisory

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Netskope Security Advisory NSKPSA-2024-001 - Vulnerability Type: Netskope client enrollment bypass issue 2. Affected Products and Versions: - Product: Netskope Client - Version: NSClient package 3. CVE-ID: - CVE-ID: CVE-2024-7401 4. Remediation Recommendation: - Netskope has fixed this vulnerability and advises customers to review their Netskope Client deployment and enable the fix. - Customers can refer to the documentation: https://docs.netskope.com/en/secure-enrollment/ 5. Mitigation Measures: - Since no remediation is available to fix the vulnerability, it is recommended to enable Secure Enrollment. - Specific steps include: - Enable device compliance and device classification. - Create policies to block all traffic from devices that fail device compliance checks or are unclassified. 6. General Security Best Practices: - Netskope recommends reviewing security guidelines and hardening options and using them to further secure the tenant. 7. Special Acknowledgments: - Netskope thanks Sander di Wit for reporting this vulnerability. 8. Exploitation and Public Disclosure: - Netskope has received isolated reports of this known vulnerability being abused by Bug Bounty hunters. - Netskope is willing to assist customers in detecting and remediating any abuse cases. 9. Revision History: - Version: 1.0 表 - Date: April 18, 2024 - Version Notes: Initial version 10. Legal Disclaimer: - Information is provided "as is" without any warranty of any kind. - Use of information and linked materials is at your own risk. - Product security incident response policies may change at any time, and no guarantee is made regarding response to specific issues or categories of issues. - Rights, support, and maintenance related to Netskope software or services, including vulnerabilities, are governed by the applicable master agreement. - Statements in this advisory do not modify, expand, or otherwise alter any rights under the applicable master agreement, nor do they create any additional warranties or commitments. 11. About Netskope: - Netskope is a leader in SASE (Security Access Service Edge), securely and quickly connecting users directly to the internet, any application, and their network infrastructure, regardless of whether the device is on or off the network. - Netskope’s SASE cloud provides the most granular context, enabling conditional access and user awareness through patented technology, while implementing zero trust principles in data protection and threat prevention. - Unlike other companies that compromise between security and networking, Netskope’s global private security cloud delivers full computing power at the edge. - Netskope is fast everywhere, data-centric, cloud-intelligent, and enables good digital citizenship while delivering lower total cost of ownership.

Goal Reached Thanks to every supporter — we hit 100%!

Netskope Client Enrollment Bypass Vulnerability CVE-2024-7401 Advisory