PT-2024-38016 · Cato Networks · Cato Networks SDP Client

Amberwolf · Published 2024-07-31 · Updated 2024-08-27 · CVE-2024-6978

CVSS v3.1: 8.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cato Networks SDP Client versions prior to 5.10.28
Description: Cato Networks SDP Client on Windows lets low-privileged users install local root certificates, and an Improper Input Validation weakness allows Command Injection. A certificate added to the machine Trusted Root store is trusted by every account and service on the host, so a user who can add one is positioned to intercept or forge TLS connections made by other users and by SYSTEM processes, not only their own.
Recommendations: For versions prior to 5.10.28, update to version 5.10.28 or later. Until the update is deployed, reduce the risk by limiting which local accounts can log on to hosts running the client and by monitoring the machine Trusted Root store for additions, so that an unexpected root is noticed before it can be used.
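Two host-side checks a defender would run against the advisory above, given here as an added example that is neither part of the PT page nor Cato Networks' own code: the first reads the installed client version from the Windows Uninstall registry keys and compares it with the fixed version 5.10.28; the second diffs the machine Trusted Root store against a saved baseline so that any root a low-privileged user managed to add shows up. The Uninstall DisplayName pattern `*Cato*` and the baseline file location are assumptions, not values from the advisory.

```powershell
# Added example, not from the PT advisory or from Cato Networks.
# Check 1: is the installed Cato SDP Client older than the fixed version 5.10.28?
# Check 2: which certificates are in the machine Trusted Root store that were not
#          there when a baseline was taken?
# Assumption (hypothetical): the client registers an Uninstall entry whose
# DisplayName contains "Cato"; adjust $ClientNamePattern if it differs.

$FixedVersion      = [version]'5.10.28'
$ClientNamePattern = '*Cato*'

function ConvertTo-ComparableVersion {
    # DisplayVersion strings sometimes carry suffixes (e.g. "5.10.27.0-beta");
    # keep only the dotted numeric part so [version] can parse it.
    param([string]$Text)
    $clean = ($Text -replace '[^\d.]', '').Trim('.')
    try { return [version]$clean } catch { return $null }
}

function Get-CatoClientStatus {
    # Enumerate both 64-bit and 32-bit Uninstall hives and flag versions below the fix.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $ClientNamePattern } |
        ForEach-Object {
            $v = ConvertTo-ComparableVersion $_.DisplayVersion
            [pscustomobject]@{
                Name       = $_.DisplayName
                Version    = $_.DisplayVersion
                Vulnerable = $(if ($null -eq $v) { 'unknown' } else { $v -lt $FixedVersion })
            }
        }
}

function Save-RootStoreBaseline {
    # Record the machine root store once, on a host known to be clean.
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Select-Object Thumbprint, Subject, Issuer, NotBefore, NotAfter |
        Export-Csv -Path $Path -NoTypeInformation
}

function Compare-RootStoreToBaseline {
    # Any root whose thumbprint is not in the baseline was added after it was taken.
    param([Parameter(Mandatory)][string]$Path)
    $known = @(Import-Csv -Path $Path | ForEach-Object { $_.Thumbprint })
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Where-Object { $known -notcontains $_.Thumbprint } |
        Select-Object Thumbprint, Subject, Issuer, NotBefore, NotAfter
}

# Usage (assumed baseline location; first run creates it, later runs report additions).
$BaselinePath = "$env:ProgramData\cato-root-baseline.csv"

Get-CatoClientStatus | Format-Table -AutoSize

if (-not (Test-Path -Path $BaselinePath)) {
    Save-RootStoreBaseline -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath; rerun later to list added roots."
} else {
    $added = @(Compare-RootStoreToBaseline -Path $BaselinePath)
    if ($added.Count -eq 0) { Write-Host 'No roots added since baseline.' }
    else { $added | Format-Table -AutoSize }
}
```

Run it elevated, since reading the HKLM Uninstall keys and the LocalMachine store reliably requires it. Roots that Windows itself adds through the Microsoft root program will also appear in the diff, so treat the output as a review list rather than an automatic alert, and check the Issuer and Subject of anything unfamiliar.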

Tags: Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers: CVE-2024-6978

Affected Products: Cato Networks SDP Client