Cyber Resilience

CVE-2024-6975

High · Public PoC · LPE

Published: 31 July 2024

Modified: 27 August 2024
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0007 (22.4th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-6975 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Catonetworks Cato Client. Its CVSS base score is 8.8 (High).

Operationally, it is ranked at the 22.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Vulnerability details

Local privilege escalation in the Cato Networks Windows SDP Client via the OpenSSL configuration file. This issue affects SDP Client before 5.10.34.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

catonetworks cato client, versions ≤ 5.10.34

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
