Product Security Advisories

 

We are committed to rapidly addressing issues as they arise, and providing recommendations through security advisories and security notices.

Security advisories are fixes or workarounds for vulnerabilities identified with Cato products.

 

Advisory Advisory # Updated Release Date
Windows SDP Client: Local root certificates can be installed by low-privileged users CVE-2024-6978 July 31st, 2024 July 31st, 2024
Windows SDP Client: Sensitive data in trace logs can lead to account takeover CVE-2024-6977 July 31st, 2024 July 31st, 2024
Windows SDP Client: Local Privilege Escalation via openssl configuration file CVE-2024-6975 July 31st, 2024 July 31st, 2024
Windows SDP Client: Local Privilege Escalation via self-upgrade CVE-2024-6974 July 31st, 2024 July 31st, 2024
Windows SDP Client: Remote Code Execution via crafted URLs CVE-2024-6973 July 31st, 2024 July 31st, 2024
MacOS VPN Client Local Privilege Escalation via Race Condition CVE-2023-43976 October 11th, 2023 October 11th, 2023