CVE-2024-6975

8.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to escalate privileges on Windows systems running vulnerable versions of Cato Networks SDP Client. Attackers can exploit insecure OpenSSL configuration file handling to execute arbitrary code with SYSTEM privileges. Only organizations using Cato SDP Client on Windows are affected.

💻 Affected Systems

Products:
  • Cato Networks SDP Client
Versions: All versions before 5.10.34
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations of Cato SDP Client. Requires local access to the system.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full SYSTEM-level compromise of Windows endpoints, enabling complete control over the system, credential theft, lateral movement, and persistence establishment.

🟠 Likely Case

Local attackers gaining administrative privileges on workstations, allowing installation of malware, disabling security controls, and accessing sensitive local data.

🟢 If Mitigated

Limited impact with proper endpoint security controls, user privilege restrictions, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Malicious insiders or compromised user accounts can exploit this to gain full system control on affected Windows endpoints.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the Windows system. The vulnerability involves manipulating OpenSSL configuration files to achieve privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.10.34 and later

Vendor Advisory: https://support.catonetworks.com/hc/en-us/articles/19758025406621-CVE-2024-6975-Windows-SDP-Client-Local-Privilege-Escalation-via-openssl-configuration-file

Restart Required: Yes

Instructions:

1. Download Cato SDP Client version 5.10.34 or later from the Cato Networks portal.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Restrict local user privileges (Windows): Limit standard user accounts to prevent local exploitation attempts.

Monitor OpenSSL configuration changes (Windows): Implement file integrity monitoring on OpenSSL configuration files.

🧯 If You Can't Patch

  • Implement strict least privilege access controls on all Windows endpoints
  • Deploy application whitelisting to prevent unauthorized process execution

🔍 How to Verify

Check if Vulnerable:

Check the Cato SDP Client version in Windows Programs and Features, or via the 'CatoClient.exe --version' command.

Check Version:

CatoClient.exe --version

Verify Fix Applied:

Verify that the installed version is 5.10.34 or higher, and check system logs for a successful update.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized modifications to OpenSSL configuration files
  • Unexpected privilege escalation events in Windows Security logs
  • Cato SDP Client service restart failures

Network Indicators:

  • Unusual outbound connections from elevated processes post-exploitation

SIEM Query:

(EventID=4688 AND ProcessName LIKE '%openssl%' AND NewProcessName LIKE '%cmd%') OR (EventID=4672 AND AccountName='SYSTEM')

The second clause is meant to catch SYSTEM privilege assignment originating from non-system processes. Event 4672 itself carries no process fields, so that condition has to be applied by correlating each SYSTEM 4672 with the 4688 process-creation events that precede it.
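As an added illustration (not part of the original advisory), the following Python applies the two clauses of the query above to constructed Windows Security event records. It assumes that the query's ProcessName means the creator process (ParentProcessName in the 4688 schema) and reads "from non-system processes" as a time-window correlation between a SYSTEM 4672 and a preceding clause-1 hit; both are assumptions, and the events are made up.

```python
from datetime import datetime, timedelta

# Constructed Windows Security events, not real captures. Field names follow the
# 4688/4672 schema; ParentProcessName stands in for the query's "ProcessName"
# (assumption: the creator process is what the query means).
EVENTS = [
    {"EventID": 4688, "Time": datetime(2024, 7, 1, 9, 0, 0), "SubjectUserName": "alice",
     "ParentProcessName": r"C:\Constructed\openssl.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4672, "Time": datetime(2024, 7, 1, 9, 0, 5), "SubjectUserName": "SYSTEM"},
    {"EventID": 4688, "Time": datetime(2024, 7, 1, 9, 1, 0), "SubjectUserName": "alice",
     "ParentProcessName": r"C:\Windows\explorer.exe",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4672, "Time": datetime(2024, 7, 1, 12, 0, 0), "SubjectUserName": "SYSTEM"},
]


def openssl_spawns_shell(ev):
    """Clause 1: a 4688 whose creator is openssl-named and whose new process is cmd.
    Substring matches mirror the LIKE '%...%' patterns in the query."""
    return (ev["EventID"] == 4688
            and "openssl" in ev.get("ParentProcessName", "").lower()
            and "cmd" in ev.get("NewProcessName", "").lower())


def system_privileges_after_hit(ev, events, window=timedelta(seconds=60)):
    """Clause 2: a 4672 for SYSTEM. 4672 carries no process fields, so
    "from non-system processes" is read (assumption) as: within `window`
    after a clause-1 hit on the same host. Without that correlation, routine
    SYSTEM logons would match constantly and the rule would be useless."""
    if ev["EventID"] != 4672 or ev.get("SubjectUserName") != "SYSTEM":
        return False
    return any(openssl_spawns_shell(e)
               and timedelta(0) <= ev["Time"] - e["Time"] <= window
               for e in events)


def detect(events):
    """Indices of events matching (clause 1) OR (clause 2): the query with
    explicit parentheses so that AND binds before OR."""
    return [i for i, ev in enumerate(events)
            if openssl_spawns_shell(ev) or system_privileges_after_hit(ev, events)]


if __name__ == "__main__":
    for i in detect(EVENTS):
        print(i, EVENTS[i]["EventID"], EVENTS[i]["SubjectUserName"])
```

The explorer-spawned cmd.exe and the unrelated SYSTEM logon hours later are not flagged, which is the point of adding the parentheses and the correlation.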
