Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
7 vulnerabilities by catonetworks
CVE-2025-3886 (GCVE-0-2025-3886)
Vulnerability from cvelistv5 – Published: 2025-04-27 10:41 – Updated: 2025-04-28 16:31
VLAI
Title
CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition
Summary
An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cato Networks | SDP Client |
Affected:
0 , < 5.8.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:47:39.132940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T16:31:10.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.\u003cbr\u003e"
}
],
"value": "An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-27T10:41:17.670Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/26903049677597-Security-Vulnerability-CVE-2025-3886-that-Impacts-macOS-Client-Versions-Lower-than-5-8"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CatoNetworks CatoClient up to 5.8 PrivilegedHelperTool Race Condition",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2025-3886",
"datePublished": "2025-04-27T10:41:17.670Z",
"dateReserved": "2025-04-22T21:43:49.202Z",
"dateUpdated": "2025-04-28T16:31:10.186Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6978 (GCVE-0-2024-6978)
Vulnerability from cvelistv5 – Published: 2024-07-31 16:56 – Updated: 2024-07-31 19:55
VLAI
Title
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users
Summary
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
Severity
5.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cato Networks | SDP Client |
Affected:
0 , < 5.10.34
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T18:01:59.083256Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T18:02:09.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.\u003cp\u003eThis issue affects SDP Client: before 5.10.28.\u003c/p\u003e"
}
],
"value": "Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:55:16.797Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19767051500957-CVE-2024-6978-Windows-SDP-Client-Local-root-certificates-can-be-installed-with-low-privileged-users"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6978",
"datePublished": "2024-07-31T16:56:16.063Z",
"dateReserved": "2024-07-22T10:18:55.309Z",
"dateUpdated": "2024-07-31T19:55:16.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6977 (GCVE-0-2024-6977)
Vulnerability from cvelistv5 – Published: 2024-07-31 16:56 – Updated: 2024-07-31 17:08
VLAI
Title
Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover
Summary
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cato Networks | SDP Client |
Affected:
0 , < 5.10.28
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:08:03.698176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:08:09.827Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.28",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker\u0027s system.\u003cp\u003eThis issue affects SDP Client: before 5.10.34.\u003c/p\u003e"
}
],
"value": "A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker\u0027s system.This issue affects SDP Client: before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
},
{
"capecId": "CAPEC-593",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-593 Session Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T16:56:06.000Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6977",
"datePublished": "2024-07-31T16:56:06.000Z",
"dateReserved": "2024-07-22T10:18:14.285Z",
"dateUpdated": "2024-07-31T17:08:09.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6975 (GCVE-0-2024-6975)
Vulnerability from cvelistv5 – Published: 2024-07-31 16:55 – Updated: 2024-08-01 08:56
VLAI
Title
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
Summary
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.
This issue affects SDP Client before 5.10.34.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-426 - Untrusted Search Path
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cato Networks | SDP Client |
Affected:
0 , < 5.10.34
(custom)
|
|
| catonetworks | sdp_client |
Affected:
0 , < 5.10.34
(custom)
cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdp_client",
"vendor": "catonetworks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:12:02.402880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:12:34.783Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\u003cbr\u003e\u003cp\u003eThis issue affects SDP Client before 5.10.34.\u003c/p\u003e"
}
],
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\nThis issue affects SDP Client before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T08:56:42.944Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6975",
"datePublished": "2024-07-31T16:55:55.599Z",
"dateReserved": "2024-07-22T10:15:53.837Z",
"dateUpdated": "2024-08-01T08:56:42.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6974 (GCVE-0-2024-6974)
Vulnerability from cvelistv5 – Published: 2024-07-31 16:55 – Updated: 2024-07-31 19:53
VLAI
Title
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade
Summary
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cato Networks | SDP Client |
Affected:
0 , < 5.10.34
(custom)
|
|
| catonetworks | sdp_client |
Affected:
0 , < 5.10.34
(custom)
cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "sdp_client",
"vendor": "catonetworks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6974",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T17:05:16.555687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T17:10:57.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade\u003cp\u003eThis issue affects SDP Client: before 5.10.34.\u003c/p\u003e"
}
],
"value": "Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:53:51.141Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19762641007133-CVE-2024-6974-Windows-SDP-Client-Local-Privilege-Escalation-via-self-upgrade"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6974",
"datePublished": "2024-07-31T16:55:40.104Z",
"dateReserved": "2024-07-22T10:14:52.087Z",
"dateUpdated": "2024-07-31T19:53:51.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6973 (GCVE-0-2024-6973)
Vulnerability from cvelistv5 – Published: 2024-07-31 16:55 – Updated: 2024-08-06 19:09
VLAI
Title
Remote Code Execution in Cato Windows SDP client via crafted URLs
Summary
Remote Code Execution in Cato Windows SDP client via crafted URLs.
This issue affects Windows SDP Client before 5.10.34.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cato Networks | SDP Client |
Affected:
0 , < 5.10.34
(custom)
|
|
| catonetworks | sdp_client |
Affected:
0 , < 5.10.34
(custom)
cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdp_client",
"vendor": "catonetworks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6973",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T19:07:27.477870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T19:09:57.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "SDP Client",
"vendor": "Cato Networks",
"versions": [
{
"lessThan": "5.10.34",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "AmberWolf"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remote Code Execution in Cato Windows SDP client via crafted URLs.\u003cbr\u003e\u003cp\u003eThis issue affects Windows SDP Client before 5.10.34.\u003c/p\u003e"
}
],
"value": "Remote Code Execution in Cato Windows SDP client via crafted URLs.\nThis issue affects Windows SDP Client before 5.10.34."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T19:53:33.061Z",
"orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"shortName": "Cato"
},
"references": [
{
"url": "https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution in Cato Windows SDP client via crafted URLs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
"assignerShortName": "Cato",
"cveId": "CVE-2024-6973",
"datePublished": "2024-07-31T16:55:20.505Z",
"dateReserved": "2024-07-22T10:10:30.341Z",
"dateUpdated": "2024-08-06T19:09:57.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43976 (GCVE-0-2023-43976)
Vulnerability from cvelistv5 – Published: 2023-10-03 00:00 – Updated: 2024-09-20 15:47
VLAI
Summary
An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
2 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:11.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.catonetworks.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ns-echo.com/posts/cve_2023_43976.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-43976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T15:46:14.345091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T15:47:08.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T18:17:29.241Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.catonetworks.com"
},
{
"url": "https://www.ns-echo.com/posts/cve_2023_43976.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43976",
"datePublished": "2023-10-03T00:00:00.000Z",
"dateReserved": "2023-09-25T00:00:00.000Z",
"dateUpdated": "2024-09-20T15:47:08.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}