Lucene search

K
nvd2505284f-8ffb-486c-bf60-e19c1097a90bNVD:CVE-2024-6977
HistoryJul 31, 2024 - 5:15 p.m.

CVE-2024-6977

2024-07-3117:15:11
CWE-532
2505284f-8ffb-486c-bf60-e19c1097a90b
web.nvd.nist.gov
2
cato networks sdp
windows
vulnerability
log file
account takeover
protections
tunnel token
sdp client

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0

Percentile

9.4%

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker’s system.This issue affects SDP Client: before 5.10.34.

Affected configurations

Nvd
Node
catonetworkscato_clientRange5.10.34windows
VendorProductVersionCPE
catonetworkscato_client*cpe:2.3:a:catonetworks:cato_client:*:*:*:*:*:windows:*:*

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS

0

Percentile

9.4%

Related for NVD:CVE-2024-6977