CVE-2024-6973 HIGH

CVE-2024-6973: Remote Code Execution in Cato Windows SDP client via crafted URLs

Vendor Cato Networks
Product SDP Client
Weakness CWE-20 · Input validation
Published July 31, 2024
Last update August 6, 2024
View on NVD All CVEs

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.

Key dates

02Disclosure timeline

July 31, 2024 CVE published
August 6, 2024 Record updated