CVE-2021-41388

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:26

Type Values Removed Values Added
References () https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 - Patch, Vendor Advisory () https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 - Patch, Vendor Advisory

13 Jan 2022, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 7.2
v3 : 7.8
CWE CWE-269
CPE cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
References (CONFIRM) https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 - (CONFIRM) https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 - Patch, Vendor Advisory

04 Jan 2022, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-01-04 22:15

Updated : 2024-11-21 06:26


NVD link : CVE-2021-41388

Mitre link : CVE-2021-41388

CVE.ORG link : CVE-2021-41388


JSON object : View

Products Affected

netskope

  • netskope

apple

  • macos
CWE
CWE-269

Improper Privilege Management