CVE-2024-6975 (GCVE-0-2024-6975)

Vulnerability from cvelistv5 – Published: 2024-07-31 16:55 – Updated: 2024-08-01 08:56
VLAI?
Title
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file
Summary
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34.
Severity ?
8.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Cato Networks SDP Client Affected: 0 , < 5.10.34 (custom)
Create a notification for this product.
Credits
AmberWolf
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "sdp_client",
            "vendor": "catonetworks",
            "versions": [
              {
                "lessThan": "5.10.34",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T17:12:02.402880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-31T17:12:34.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "SDP Client",
          "vendor": "Cato Networks",
          "versions": [
            {
              "lessThan": "5.10.34",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "AmberWolf"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\u003cbr\u003e\u003cp\u003eThis issue affects SDP Client before 5.10.34.\u003c/p\u003e"
            }
          ],
          "value": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\nThis issue affects SDP Client before 5.10.34."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-426",
              "description": "CWE-426 Untrusted Search Path",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-01T08:56:42.944Z",
        "orgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
        "shortName": "Cato"
      },
      "references": [
        {
          "url": "https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2505284f-8ffb-486c-bf60-e19c1097a90b",
    "assignerShortName": "Cato",
    "cveId": "CVE-2024-6975",
    "datePublished": "2024-07-31T16:55:55.599Z",
    "dateReserved": "2024-07-22T10:15:53.837Z",
    "dateUpdated": "2024-08-01T08:56:42.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-6975\",\"sourceIdentifier\":\"2505284f-8ffb-486c-bf60-e19c1097a90b\",\"published\":\"2024-07-31T17:15:11.640\",\"lastModified\":\"2024-08-27T15:40:05.223\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\\nThis issue affects SDP Client before 5.10.34.\"},{\"lang\":\"es\",\"value\":\" Escalada de privilegios locales del cliente SDP de Cato Networks Windows SDP a trav\u00e9s del archivo de configuraci\u00f3n openssl. Este problema afecta a SDP Client anterior a la versi\u00f3n 5.10.34.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"2505284f-8ffb-486c-bf60-e19c1097a90b\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"2505284f-8ffb-486c-bf60-e19c1097a90b\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:catonetworks:cato_client:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"5.10.34\",\"matchCriteriaId\":\"ADCE09F5-AC75-454D-847F-23A6E11C145D\"}]}]}],\"references\":[{\"url\":\"https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file\",\"source\":\"2505284f-8ffb-486c-bf60-e19c1097a90b\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6975\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-31T17:12:02.402880Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:catonetworks:sdp_client:*:*:*:*:*:*:*:*\"], \"vendor\": \"catonetworks\", \"product\": \"sdp_client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.10.34\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-31T17:12:31.025Z\"}}], \"cna\": {\"title\": \"Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"AmberWolf\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Cato Networks\", \"product\": \"SDP Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"5.10.34\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\\nThis issue affects SDP Client before 5.10.34.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file.\u003cbr\u003e\u003cp\u003eThis issue affects SDP Client before 5.10.34.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-426\", \"description\": \"CWE-426 Untrusted Search Path\"}]}], \"providerMetadata\": {\"orgId\": \"2505284f-8ffb-486c-bf60-e19c1097a90b\", \"shortName\": \"Cato\", \"dateUpdated\": \"2024-08-01T08:56:42.944Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-6975\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T08:56:42.944Z\", \"dateReserved\": \"2024-07-22T10:15:53.837Z\", \"assignerOrgId\": \"2505284f-8ffb-486c-bf60-e19c1097a90b\", \"datePublished\": \"2024-07-31T16:55:55.599Z\", \"assignerShortName\": \"Cato\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.