8.8
CVE-2024-6973
- EPSS 0.76%
- Veröffentlicht 31.07.2024 17:15:11
- Zuletzt bearbeitet 27.08.2024 15:34:18
- Quelle 2505284f-8ffb-486c-bf60-e19c10
- CVE-Watchlists
- Unerledigt
LoginRemote Code Execution in Cato Windows SDP client via crafted URLs
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Catonetworks ≫ Cato Client SwPlatformwindows Version < 5.10.34
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.76% | 0.503 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 2505284f-8ffb-486c-bf60-e19c1097a90b | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://support.catonetworks.com/hc/en-us/articles/19756987454237-CVE-2024-6973-Windows-SDP-Client-Remote-Code-Execution-via-crafted-URLs