CVE-2024-6977— Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover

CVSS 6.5 · Medium EPSS 0.03% · P7 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-6977

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

通过日志文件的信息暴露

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cato Networks Windows SDP Client 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cato Networks Windows SDP Client是以色列Cato Networks公司的一款安全的远程访问软件。 Cato Networks Windows SDP Client 5.10.28之前版本存在安全漏洞，该漏洞源于允许将敏感信息插入到日志文件中，可能导致帐户接管。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cato Networks	SDP Client	0 ~ 5.10.28	-

II. Public POCs for CVE-2024-6977

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-6977

请登录查看更多情报信息。

Same Patch Batch · Cato Networks · 2024-07-31 · 5 CVEs total

CVE-2024-6974	8.8 HIGH	Cato Networks Windows SDP Client Local Privilege Escalation via self-upgrade
CVE-2024-6975	8.8 HIGH	Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
CVE-2024-6973	7.5 HIGH	Remote Code Execution in Cato Windows SDP client via crafted URLs
CVE-2024-6978	5.6 MEDIUM	Cato Networks Windows SDP Client Local root certificates can be installed by low-privilege

IV. Related Vulnerabilities

Same product: SDP Client

Same vendor: Cato Networks

Same weakness: CWE-532

V. Comments for CVE-2024-6977

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-6977— Cato Networks Windows SDP Client Sensitive data in trace logs can lead to account takeover

I. Basic Information for CVE-2024-6977

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-6977

III. Intelligence Information for CVE-2024-6977

Same Patch Batch · Cato Networks · 2024-07-31 · 5 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-6977

Leave a comment