Refine your search
6 vulnerabilities found for SDP Client by Cato Networks
CVE-2025-3886 (GCVE-0-2025-3886)
Vulnerability from cvelistv5
Published
2025-04-27 10:41
Modified
2025-04-28 16:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Summary
An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cato Networks | SDP Client |
Version: 0 < 5.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:47:39.132940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:10.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.\u003cbr\u003e"
}
],
"value": "An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T10:41:17.670Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/26903049677597-Security-Vulnerability-CVE-2025-3886-that-Impacts-macOS-Client-Versions-Lower-than-5-8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2025-3886",
"datePublished": "2025-04-27T10:41:17.670Z",
"dateReserved": "2025-04-22T21:43:49.202Z",
"dateUpdated": "2025-04-28T16:31:10.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6978 (GCVE-0-2024-6978)
Vulnerability from cvelistv5
Published
2024-07-31 16:56
Modified
2024-07-31 19:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cato Networks | SDP Client |
Version: 0 < 5.10.34 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:01:59.083256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:02:09.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.\u003cp\u003eThis issue affects SDP Client: before 5.10.28.\u003c/p\u003e"
}
],
"value": "Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:55:16.797Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19767051500957-CVE-2024-6978-Windows-SDP-Client-Local-root-certificates-can-be-installed-with-low-privileged-users"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6978",
"datePublished": "2024-07-31T16:56:16.063Z",
"dateReserved": "2024-07-22T10:18:55.309Z",
"dateUpdated": "2024-07-31T19:55:16.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6977 (GCVE-0-2024-6977)
Vulnerability from cvelistv5
Published
2024-07-31 16:56
Modified
2024-07-31 17:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cato Networks | SDP Client |
Version: 0 < 5.10.28 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:08:03.698176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:08:09.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker\u0027s system.\u003cp\u003eThis issue affects SDP Client: before 5.10.34.\u003c/p\u003e"
}
],
"value": "A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker\u0027s system.This issue affects SDP Client: before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
},
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:56:06.000Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6977",
"datePublished": "2024-07-31T16:56:06.000Z",
"dateReserved": "2024-07-22T10:18:14.285Z",
"dateUpdated": "2024-07-31T17:08:09.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6975 (GCVE-0-2024-6975)
Vulnerability from cvelistv5
Published
2024-07-31 16:55
Modified
2024-08-01 08:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.
This issue affects SDP Client before 5.10.34.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cato Networks | SDP Client |
Version: 0 < 5.10.34 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdp_client",
"vendor": "catonetworks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:12:02.402880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:12:34.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\u003cbr\u003e\u003cp\u003eThis issue affects SDP Client before 5.10.34.\u003c/p\u003e"
}
],
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\nThis issue affects SDP Client before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T08:56:42.944Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6975",
"datePublished": "2024-07-31T16:55:55.599Z",
"dateReserved": "2024-07-22T10:15:53.837Z",
"dateUpdated": "2024-08-01T08:56:42.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6974 (GCVE-0-2024-6974)
Vulnerability from cvelistv5
Published
2024-07-31 16:55
Modified
2024-07-31 19:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cato Networks | SDP Client |
Version: 0 < 5.10.34 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdp_client",
"vendor": "catonetworks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:05:16.555687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:10:57.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade\u003cp\u003eThis issue affects SDP Client: before 5.10.34.\u003c/p\u003e"
}
],
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:53:51.141Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19762641007133-CVE-2024-6974-Windows-SDP-Client-Local-Privilege-Escalation-via-self-upgrade"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6974",
"datePublished": "2024-07-31T16:55:40.104Z",
"dateReserved": "2024-07-22T10:14:52.087Z",
"dateUpdated": "2024-07-31T19:53:51.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6973 (GCVE-0-2024-6973)
Vulnerability from cvelistv5
Published
2024-07-31 16:55
Modified
2024-08-06 19:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Remote Code Execution in Cato Windows SDP client via crafted URLs.
This issue affects Windows SDP Client before 5.10.34.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cato Networks | SDP Client |
Version: 0 < 5.10.34 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdp_client",
"vendor": "catonetworks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:07:27.477870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:09:57.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution in Cato Windows SDP client via crafted URLs.\u003cbr\u003e\u003cp\u003eThis issue affects Windows SDP Client before 5.10.34.\u003c/p\u003e"
}
],
"value": "Remote Code Execution in Cato Windows SDP client via crafted URLs.\nThis issue affects Windows SDP Client before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:53:33.061Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution in Cato Windows SDP client via crafted URLs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6973",
"datePublished": "2024-07-31T16:55:20.505Z",
"dateReserved": "2024-07-22T10:10:30.341Z",
"dateUpdated": "2024-08-06T19:09:57.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}