Lucene search

2505284f-8ffb-486c-bf60-e19c1097a90bNVD:CVE-2024-6973

HistoryJul 31, 2024 - 5:15 p.m.

CVE-2024-6973

2024-07-3117:15:11

CWE-20

2505284f-8ffb-486c-bf60-e19c1097a90b

web.nvd.nist.gov

vulnerability

remote code execution

cato windows sdp

crafted urls

windows sdp client

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.3%

JSON

Remote Code Execution in Cato Windows SDP client via crafted URLs.
This issue affects Windows SDP Client before 5.10.34.

Affected configurations

Nvd

Node

catonetworkscato_clientRange<5.10.34windows

VendorProductVersionCPE
catonetworkscato_client*cpe:2.3:a:catonetworks:cato_client:*:*:*:*:*:windows:*:*

Vendor	Product	Version	CPE
catonetworks	cato_client	*	cpe:2.3:a:catonetworks:cato_client::::::windows::*

References

support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

37.3%

JSON

Related for NVD:CVE-2024-6973