CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6977

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.7%

CVSS Severity

CVSS v3 Score 6.5

References

https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover

Products affected by CVE-2024-6977

Catonetworks » Cato Client » Version: N/A

cpe:2.3:a:catonetworks:cato_client:-
Catonetworks » Cato Client » Version: 5.0

cpe:2.3:a:catonetworks:cato_client:5.0
Catonetworks » Cato Client » Version: 5.10

cpe:2.3:a:catonetworks:cato_client:5.10
Catonetworks » Cato Client » Version: 5.10.26

cpe:2.3:a:catonetworks:cato_client:5.10.26
Catonetworks » Cato Client » Version: 5.10.34

cpe:2.3:a:catonetworks:cato_client:5.10.34
Catonetworks » Cato Client » Version: 5.2

cpe:2.3:a:catonetworks:cato_client:5.2
Catonetworks » Cato Client » Version: 5.3

cpe:2.3:a:catonetworks:cato_client:5.3
Catonetworks » Cato Client » Version: 5.4

cpe:2.3:a:catonetworks:cato_client:5.4
Catonetworks » Cato Client » Version: 5.5

cpe:2.3:a:catonetworks:cato_client:5.5
Catonetworks » Cato Client » Version: 5.6

cpe:2.3:a:catonetworks:cato_client:5.6
Catonetworks » Cato Client » Version: 5.7

cpe:2.3:a:catonetworks:cato_client:5.7
Catonetworks » Cato Client » Version: 5.8

cpe:2.3:a:catonetworks:cato_client:5.8
Catonetworks » Cato Client » Version: 5.9

cpe:2.3:a:catonetworks:cato_client:5.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6977

Products

Pricing

Contact Us