Description
The Client trace log files were found to contain the tunnel authentication data. This can be used to connect to the tunnel on behalf of the user.
To exploit this, an attacker must have access to the client filesystem.
Severity
The CVSSv3.1 score is 6.5 (Medium).
What Changes Do I Need to Make?
Use the SDP User Dashboard to identify users with Windows Client versions below 5.10.28. Make sure they upgrade to the newest Windows Client version and receive the most recent security patches and enhancements.
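The version check described above, as an added example (not Cato Networks' code): it filters a device inventory for Windows Clients below 5.10.28, comparing versions numerically because a plain string comparison would rank 5.9.x above 5.10.28. The CSV column names and sample rows are constructed assumptions, not the SDP User Dashboard's actual export format.

```python
import csv
import io

FIXED_VERSION = (5, 10, 28)  # first fixed Windows Client version, per the advisory

# Constructed sample inventory; the column names are assumptions, not the
# SDP User Dashboard's actual export format.
SAMPLE_EXPORT = """user,device,os,client_version
alice@example.com,LT-0001,Windows,5.10.28
bob@example.com,LT-0002,Windows,5.9.6
carol@example.com,LT-0003,Windows,5.10.3
dave@example.com,MB-0004,macOS,5.4.1
erin@example.com,LT-0005,Windows,5.11.2
frank@example.com,LT-0006,Windows,unknown
"""


def parse_version(text):
    """Return the version as a tuple of ints, or None if it is not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def needs_upgrade(version_text):
    """True if below FIXED_VERSION; unparseable values are flagged for manual review."""
    version = parse_version(version_text)
    if version is None:
        return True
    # Pad short versions so "5.10" is compared as 5.10.0.
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION


def vulnerable_windows_clients(export_text):
    """List (user, device, version) for Windows rows that still need the upgrade."""
    rows = csv.DictReader(io.StringIO(export_text))
    return [
        (row["user"], row["device"], row["client_version"])
        for row in rows
        if row["os"].strip().lower() == "windows" and needs_upgrade(row["client_version"])
    ]


if __name__ == "__main__":
    for user, device, version in vulnerable_windows_clients(SAMPLE_EXPORT):
        print(f"{user}\t{device}\t{version}")
```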
Acknowledgments
Cato Networks thanks AmberWolf for detecting and identifying the issue. Full technical details can be found in their blog post:
What is the Impact on the Account?
If you don’t upgrade to Windows Client v5.10.28 or higher, devices with lower versions will be vulnerable. To the best of our knowledge, none of these issues has been exploited in the wild.
Who Do I Talk to If I Have Questions?
Please contact Support.