Vulnerability — CVE-2024-6977

CVE-2024-6977

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2024-6977
Description:: A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.
Last updated date:: 08/27/2024

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/27/2024
Reference url to background: https://support.catonetworks.com/hc/en-us/articles/19766795729437-CVE-2024-6977-Windows-SDP-Client-Sensitive-data-in-trace-logs-can-lead-to-account-takeover