Netskope is recognized as a Leader again in the Gartner® Magic Quadrant™ for SASE Platforms. Get the Report

close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
            2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
            One unified platform built for your journey
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        Netskope Technical Support
                        Netskope Technical Support
                        Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                          Netskope video
                          Netskope Training
                          Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
                            Netskope Security Advisory

                            NSKPSA-2020-004

                            Netskope Client Stack Buffer Overflow

                            Security Advisory ID: NSKPSA-2020-004

                            Version: 1.0

                            Status: Unpublished

                            Last Modified: 15th December, 2020

                             

                            Who should read this documentTechnical and Security Personnel
                            Impact of VulnerabilityBuffer overflow leading to dos and potential code execution
                            CVE NumberTBD
                            Severity RatingCritical
                            Overall CVSS ScoreCVSS 7.5
                            RecommendationsVerification of update to the latest release of the Netskope Client
                            Security Advisory ReplacementNone
                            CaveatsNone
                            Affected SoftwareNetskope Windows Client for Windows Release R80 and before.
                            Updated Software VersionNetskope Client for Windows Release R81
                            Special Notes and AcknowledgementsOptiv Application Security Team found this as part of a paid engagement for threat modeling and exploitation of the Netskope client update.
                            CWE ReferenceCWE-121: Stack-based Buffer Overflow
                            - https://cwe.mitre.org/data/definitions/121.html

                             

                            Description
                            This update resolves an issue within the Netskope Client where a stack-based buffer overflow was identified.

                             

                            This Release/patch remediates the following issues: CVE-TBD

                             

                            Affected Components
                            Netskope Client for Windows R80 and before are deployed and being used.

                             

                            Remediation
                            This vulnerability was triaged, validated, and fixed by Netskope. Customers should review the criticality of the vulnerability against their patch and maintenance processes and evaluate Release 81 of the client.

                             

                            Workaround
                            None

                             

                            Special Notes and Acknowledgement
                            Netskope credits the Optiv Application Security Team for finding this defect as part of a paid engagement for threat modeling and exploitation of the Netskope client update.

                             

                            This security Advisory was written by the Product Security Incident Response Team, Netskope, Inc.

                             

                            FAQs

                             

                            What is affected by this security vulnerability?
                            Netskope Client for Windows R80 and earlier.

                             

                            Do I need to Update Immediately?
                            Yes, Netskope recommends that all customers run the latest version of the software and evaluate this notification with other existing controls to make a determination. Netskope also recommends that customers use the CVSS v3.1 extended scoring or OWASP vulnerability criticality scoring tools to support their decision.

                             

                            Affected Versions
                            Any Netskope Client deployment on Windows before R81.

                             

                            Protected Versions
                            Netskope Client R81 or later. Netskope recommends that all customers verify that they have applied the latest updates.

                             

                            What issues does this release and/or patch address?
                            The release includes the fix for the reported issue as well as other items which can be found within our release notes: Netskope Support Release Notes Link

                             

                            How do I know if my Netskope WebUI is vulnerable or not?
                            The product and version can be found by navigating to the Netskope Client, Right-click, and seeing the “About”. An example is below:

                             

                            What has Netskope done to resolve the issue?
                            Netskope has released a new release to address this security flaw.

                             

                            Where do I download the fix?
                            Please visit the release notes on support.netskope.com.

                             

                            How does Netskope respond to this and any other security flaws?
                            Netskope has a private bug bounty program as well as the following public guidance for reporting concerns and issues from the research community which can be found at https://www.netskope.com/vulnerability-disclosure-policy. In addition, Netskope follows a documented triage, remediation, and testing process for any reported items.

                             

                            How do I find out about security vulnerabilities with your products?
                            Please review the release notes and security advisories on support.netskope.com.

                             

                            How was this found?
                            Netskope credits the Optiv Application Security Team for finding this defect as part of a paid engagement for threat modeling and exploitation of the Netskope client update.

                             

                            Resources:
                            Support Website: https://www.netskope.com/services#support

                            Contacts: [email protected], [email protected]