Description
When the Windows VPN service starts, it tries to load an OpenSSL configuration file from a non-existing path:
C:\Work\WinVPNClient\ThirdParty\openssl\openssl-3.1.1\VS2022\SSL64\openssl.cnf
A low-privileged user can create this directory structure for the file and add a DLL that will be loaded to memory using the engine function in the OpenSSL configuration file, the next time that the Cato VPN service is started.
Severity
The CVSSv3.1 score is 8.8 (High).
What Changes Do I Need to Make?
Use the SDP User Dashboard to identify users with Windows Client versions below 5.10.34. Make sure they upgrade to the newest Windows Client version and receive the most recent security patches and enhancements.
Acknowledgments
Cato Networks thanks AmberWolf for detecting and identifying the issue. Full technical details can be found in their blog post.
What is the Impact on the Account?
If you don’t upgrade to Windows Client v5.10.34 or higher, devices with lower versions are vulnerable. To the best of our knowledge, none of these issues has been exploited in the wild.
Who Do I Talk to If I Have Questions?
Please contact Support.
0 comments
Please sign in to leave a comment.