Description

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Related CPE's

a

catonetworks

cato_client

*

*

*

*

*

windows

Vulnerable

References

https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover

ExploitVendor Advisory

Weaknesses

2505284f-8ffb-486c-bf60-e19c1097a90b

Secondary
CWE-532

[email protected]

Primary
CWE-532

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

2505284f-8ffb-486c-bf60-e19c1097a90b

Vulnerability status

Analyzed

Published

2024-07-31T15:15:11.860Z

1 year ago

Last modified

2024-08-27T13:41:15.443Z

1 year ago