Home Security Advisories
Converged single pass processing, purpose built global cloud service, and open data platform.
360-degree visibility and control, autonomous life cycle and posture management, gradual low risk deployment, and universal management.
AI/ML for threat intelligence and unclassified application identification, ML engines for threat prevention and incident criticality, ML models for device classification, and GenAI for productivity.
Converged single pass processing, purpose built global cloud service, and open data platform.
360-degree visibility and control, autonomous life cycle and posture management, gradual low risk deployment, and universal management.
AI/ML for threat intelligence and unclassified application identification, ML engines for threat prevention and incident criticality, ML models for device classification, and GenAI for productivity.
We are committed to rapidly addressing issues as they arise, and providing recommendations through security advisories and security notices.
Security advisories are fixes or workarounds for vulnerabilities identified with Cato products.
Advisory | Advisory # | Updated | Release Date |
Windows SDP Client: Local root certificates can be installed by low-privileged users | CVE-2024-6978 | July 31st, 2024 | July 31st, 2024 |
Windows SDP Client: Sensitive data in trace logs can lead to account takeover | CVE-2024-6977 | July 31st, 2024 | July 31st, 2024 |
Windows SDP Client: Local Privilege Escalation via openssl configuration file | CVE-2024-6975 | July 31st, 2024 | July 31st, 2024 |
Windows SDP Client: Local Privilege Escalation via self-upgrade | CVE-2024-6974 | July 31st, 2024 | July 31st, 2024 |
Windows SDP Client: Remote Code Execution via crafted URLs | CVE-2024-6973 | July 31st, 2024 | July 31st, 2024 |
MacOS VPN Client Local Privilege Escalation via Race Condition | CVE-2023-43976 | October 11th, 2023 | October 11th, 2023 |