Lucene search

CatoCVELIST:CVE-2024-6973

HistoryJul 31, 2024 - 4:55 p.m.

CVE-2024-6973 Remote Code Execution in Cato Windows SDP client via crafted URLs

2024-07-3116:55:20

CWE-20

Cato

www.cve.org

cve-2024-6973

remote code execution

cato windows sdp client

crafted urls

windows sdp client before 5.10.34

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.3%

JSON

Remote Code Execution in Cato Windows SDP client via crafted URLs.
This issue affects Windows SDP Client before 5.10.34.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "SDP Client",
    "vendor": "Cato Networks",
    "versions": [
      {
        "lessThan": "5.10.34",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.3%

JSON

Related for CVELIST:CVE-2024-6973