Description

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Related CPE's

a

catonetworks

cato_client

*

*

*

*

*

windows

Vulnerable

References

https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover

ExploitVendor Advisory

Weaknesses

[email protected]

Primary
CWE-532

2505284f-8ffb-486c-bf60-e19c1097a90b

Secondary
CWE-532

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

2505284f-8ffb-486c-bf60-e19c1097a90b

Vulnerability status

Analyzed

Published

2024-07-31T17:15:11.860

11 months ago

Last modified

2024-08-27T15:41:15.443

10 months ago