CVE-2024-7402

Netskope Client Configuration Tampering with Local MITM

Description

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.

Remediation

Solution:

  • Customers can apply the fix by enabling the “Secure Configuration” option from the tenant under Settings -> Security Cloud Platform -> Netskope Client -> MDM Distribution -> Secure Enrollment page. Customers are recommended to upgrade the Netskope Client to the latest versions of R123, R126, R129 or higher and adopt “Netskope Client Secure Configuration Service” for APIs.

Workaround:

  • Prevent users from installing or adding 3rd party certificates in their machine's Operating System trust store. This will prevent users from performing MITM and tampering with configurations.

Category

7.0
CVSS
Severity: High
CVSS 4.0 •
EPSS 0.01%
Affected: Netskope Netskope Client
Published at:
Updated at:

References

Link Tags
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002

Frequently Asked Questions

What is the severity of CVE-2024-7402?
CVE-2024-7402 has been scored as a high severity vulnerability.
How to fix CVE-2024-7402?
To fix CVE-2024-7402: Customers can apply the fix by enabling the “Secure Configuration” option from the tenant under Settings -> Security Cloud Platform -> Netskope Client -> MDM Distribution -> Secure Enrollment page. Customers are recommended to upgrade the Netskope Client to the latest versions of R123, R126, R129 or higher and adopt “Netskope Client Secure Configuration Service” for APIs.
Is CVE-2024-7402 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-7402 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7402?
CVE-2024-7402 affects Netskope Netskope Client.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.