exploitDog

CVE-2024-6977

Опубликовано: 31 июл. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

Ссылки

https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:catonetworks:cato_client:*:*:*:*:*:windows:*:*

Версия до 5.10.34 (включая)

EPSS

Процентиль: 6%

0.00025

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-532

CWE-532

Связанные уязвимости

GHSA-q77q-33v2-m8hr

CVSS3: 6.5

github

больше 1 года назад

A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.

EPSS

Процентиль: 6%

0.00025

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-532

CWE-532