CVE-2024-6977

Published: Jul 31, 2024Modified: Aug 27, 2024

6.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Affected (1)

Products: Catonetworks: Cato Client

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Catonetworks Cato Client	Up to 5.10.34

Related CWEs

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (1)

https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover

Source: 2505284f-8ffb-486c-bf60-e19c1097a90b

ExploitVendor Advisory

Timeline

No history available yet.