CVE-2024-6977

CVSS V2 None CVSS V3 None

Description

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Overview

CVE ID
CVE-2024-6977

Assigner
Cato

Vulnerability Status
PUBLISHED

Published Version
2024-07-31T16:56:06.000Z

Last Modified Date
2024-07-31T17:08:09.827Z

Weakness Enumerations

CWE	URL
CWE-532	http://cwe.mitre.org/data/definitions/532.html

References

Reference URL	Reference Tags
https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-6977
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6977

History

Created	Old Value	New Value	Data Type	Notes
2024-08-01 13:13:00				Added to TrackCVE