CVE-2024-7401

Public Exploit
Client Enrollment Process Bypass

Description

Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.

Remediation

Solution:

  • Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - https://docs.netskope.com/en/secure-enrollment/

Workaround:

  • There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: * Enable device compliance and device classification * Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.

Category

8.5
CVSS
Severity: High
CVSS 4.0 •
CVSS 3.1 •
EPSS 0.15%
Vendor Advisory netskope.com
Affected: Netskope Netskope Client
Published at:
Updated at:

References

Link Tags
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001 vendor advisory
https://docs.netskope.com/en/secure-enrollment/ product patch
https://quickskope.com/ exploit

Frequently Asked Questions

What is the severity of CVE-2024-7401?
CVE-2024-7401 has been scored as a high severity vulnerability.
How to fix CVE-2024-7401?
To fix CVE-2024-7401: Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - https://docs.netskope.com/en/secure-enrollment/
Is CVE-2024-7401 being actively exploited in the wild?
It is possible that CVE-2024-7401 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7401?
CVE-2024-7401 affects Netskope Netskope Client.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.