Description
The catoias:// URL scheme is parsed by the Windows SDP Client. The external_browser parameter of such a URL is not sufficiently validated before its value is passed to the .NET Process.Start() function. Because the value of that parameter is controlled by whoever crafts the URL, this results in remote code execution on the endpoint.
To exploit the vulnerability, a threat actor must redirect the victim to a specially crafted catoias:// URL. The victim then has to approve the browser's warning prompt to open the link in the external application before the exploit works, so social engineering is required.
The issue applies to Windows Client versions below 5.10.34.
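To make the unsafe pattern concrete, the following C# is an added illustration written for this page; it is not the Cato client's code and is not taken from AmberWolf's write-up. It shows a hypothetical catoias:// handler that forwards the external_browser value straight to Process.Start(), beside a hardened version that treats the parameter only as a key into a fixed allowlist and never uses the raw string as a file name or argument. The scheme name and parameter name come from the advisory; the query layout, the browser paths, the configuration-supplied login URL and the demo link are assumptions.

```csharp
// Added illustration, not the Cato client's code. Builds with .NET 6 or later.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;

static class CatoiasHandlerDemo
{
    // Minimal query parser ("a=1&b=2" -> {a:1, b:2}), kept inline so the sample has no
    // dependency on System.Web. Keys are matched case-insensitively.
    static Dictionary<string, string> ParseQuery(Uri uri)
    {
        var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (var pair in uri.Query.TrimStart('?').Split('&', StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split('=', 2);
            result[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        return result;
    }

    // VULNERABLE pattern: the caller-supplied value becomes the file name that Process.Start()
    // launches. Any executable the victim can reach (local path, UNC path) can be named here.
    public static void HandleUnsafe(string rawUrl)
    {
        var query = ParseQuery(new Uri(rawUrl));
        if (query.TryGetValue("external_browser", out var browser))
            Process.Start(browser); // no validation: arbitrary process launch
    }

    // HARDENED pattern: external_browser is only a key into an allowlist of known browsers
    // (the paths below are assumptions for this demo). The raw string never reaches Process.Start().
    static readonly Dictionary<string, string> AllowedBrowsers = new(StringComparer.OrdinalIgnoreCase)
    {
        ["edge"]    = @"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
        ["chrome"]  = @"C:\Program Files\Google\Chrome\Application\chrome.exe",
        ["firefox"] = @"C:\Program Files\Mozilla Firefox\firefox.exe",
    };

    // Returns the ProcessStartInfo that would be launched, or null if the request is rejected.
    // loginUrl is assumed to come from trusted client configuration, not from the link itself.
    // Returning rather than launching lets the decision be inspected and unit-tested.
    public static ProcessStartInfo BuildSafeStart(string rawUrl, string loginUrl)
    {
        if (!Uri.TryCreate(rawUrl, UriKind.Absolute, out var uri)
            || !uri.Scheme.Equals("catoias", StringComparison.OrdinalIgnoreCase))
            return null;

        // Even the configured URL is checked: only https pages are handed to a browser.
        if (!Uri.TryCreate(loginUrl, UriKind.Absolute, out var loginUri)
            || loginUri.Scheme != Uri.UriSchemeHttps)
            return null;

        var query = ParseQuery(uri);
        if (!query.TryGetValue("external_browser", out var requested)
            || !AllowedBrowsers.TryGetValue(requested, out var exe)
            || !File.Exists(exe))
            return null; // unknown browser name: refuse instead of guessing

        var psi = new ProcessStartInfo(exe) { UseShellExecute = false };
        psi.ArgumentList.Add(loginUri.AbsoluteUri); // the URL is an argument, never the file name
        return psi;
    }

    static void Main()
    {
        // Constructed demo link: harmless, but shows how the parameter reaches Process.Start().
        const string crafted = "catoias://login?external_browser=C:%5CWindows%5CSystem32%5Ccalc.exe";
        const string configuredLogin = "https://example.com/sso"; // assumed trusted configuration

        HandleUnsafe(crafted); // on the vulnerable handler this starts calc.exe

        var psi = BuildSafeStart(crafted, configuredLogin);
        Console.WriteLine(psi == null ? "crafted link rejected" : $"would launch {psi.FileName}");

        var legit = "catoias://login?external_browser=edge";
        psi = BuildSafeStart(legit, configuredLogin);
        Console.WriteLine(psi == null ? "rejected (browser not installed)" : $"would launch {psi.FileName}");
    }
}
```

The design point is that input from the link may choose between options the handler already knows, but it is never interpreted as a path, a command or an argument. Running the demo on a machine without Edge at the assumed path prints the "not installed" branch, which is the intended failure mode: the handler refuses rather than falling back to the caller-supplied value.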
Severity
The CVSSv3.1 score is 7.5 (High).
What Changes Do I Need to Make?
Use the SDP User Dashboard to identify users running Windows Client versions below 5.10.34, and have them upgrade to the latest Windows Client version so they receive the most recent security patches and enhancements.
Acknowledgments
Cato Networks thanks AmberWolf for discovering and reporting the issue. Full technical details can be found in their blog post:
What is the Impact on the Account?
If you don't upgrade to Windows Client v5.10.34 or higher, devices running lower versions remain vulnerable. To the best of our knowledge, this issue has not been exploited in the wild.
Who Do I Talk to If I Have Questions?
Please contact Support.