Filtered by vendor Catonetworks Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2026-12374 1 Catonetworks 1 Sdp Client 2026-07-01 N/A
Improper certificate validation and a time-of-check time-of-use (TOCTOU) race condition in the PrivilegedHelperTool XPC service in Cato Client before v.5.13.1 on macOS allows a local authenticated attacker to escalate privileges to root via a self-signed certificate that bypasses the XPC caller verification and a symlink swap during package installation.
CVE-2025-3886 1 Catonetworks 1 Cato Client 2025-05-12 8.1 High
An issue in CatoNetworks CatoClient before v.5.8.0 allows attackers to escalate privileges and achieve a race condition (TOCTOU) via the PrivilegedHelperTool component.
CVE-2023-43976 1 Catonetworks 1 Cato Client 2024-11-21 8.1 High
An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component.
CVE-2024-6978 1 Catonetworks 1 Cato Client 2024-08-27 5.6 Medium
Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.
CVE-2024-6977 1 Catonetworks 1 Cato Client 2024-08-27 6.5 Medium
A vulnerability in Cato Networks SDP Client on Windows allows the insertion of sensitive information into the log file, which can lead to an account takeover. However, the attack requires bypassing protections on modifying the tunnel token on a the attacker's system.This issue affects SDP Client: before 5.10.34.
CVE-2024-6975 1 Catonetworks 2 Cato Client, Sdp Client 2024-08-27 8.8 High
Cato Networks Windows SDP Client Local Privilege Escalation via openssl configuration file. This issue affects SDP Client before 5.10.34.
CVE-2024-6974 1 Catonetworks 2 Cato Client, Sdp Client 2024-08-27 8.8 High
Cato Networks Windows SDP Client Local Privilege Escalation via self-upgradeThis issue affects SDP Client: before 5.10.34.
CVE-2024-6973 1 Catonetworks 2 Cato Client, Sdp Client 2024-08-27 7.5 High
Remote Code Execution in Cato Windows SDP client via crafted URLs. This issue affects Windows SDP Client before 5.10.34.