CVE-2024-7402 HIGH

CVE-2024-7402: Netskope Client Configuration Tampering with Local MITM

Vendor Netskope
Product Netskope Client
Weakness CWE-354
Published August 14, 2025
Last update August 15, 2025

CVSS base score

7.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H

What the vulnerability does

01Description

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.

Key dates

02Disclosure timeline

August 14, 2025 CVE published
August 15, 2025 Record updated