Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
References
Link | Resource |
---|---|
https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 | Patch Vendor Advisory |
https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 06:26
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 - Patch, Vendor Advisory |
13 Jan 2022, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CWE | CWE-269 | |
CPE | cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 - Patch, Vendor Advisory |
04 Jan 2022, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-04 22:15
Updated : 2024-11-21 06:26
NVD link : CVE-2021-41388
Mitre link : CVE-2021-41388
CVE.ORG link : CVE-2021-41388
JSON object : View
Products Affected
netskope
- netskope
apple
- macos
CWE
CWE-269
Improper Privilege Management