David Cash
Richard Warren- 26 Nov, 2024
Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)
Palo Alto GlobalProtect - RCE and Privilege Escalation via Malicious VPN Server (CVE-2024-5921)
Read Article-
David Cash
-
Richard Warren
- 26 Nov, 2024
SonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)
SonicWall NetExtender for Windows - RCE as SYSTEM via EPC Client Update (CVE-2024-29014)
Read Article-
Richard Warren
-
David Cash
- 31 Jul, 2024
AmberWolf Uncovers Critical Vulnerabilities in Cato Client
As part of a recent client engagement, we conducted a product assessment of the Cato Client. During this assessment, we discovered significant …
Read Article-
Richard Warren
-
David Cash
- 31 Jul, 2024
Cato Client - Account Takeover Via Sensitive Log Data (CVE-2024-6977)
The Cato Client was found to store authentication data within the trace logs generated by the desktop client during SSO authentication.
Read Article-
Richard Warren
-
David Cash
- 31 Jul, 2024
Cato SSO - Open Redirect Leading to Config Theft
The web service used during the Cato SSO authentication flow was found to contain an Open Redirect issue, which could allow a remote attacker to …
Read Article-
Richard Warren
-
David Cash
- 31 Jul, 2024
Remote Code Execution via Crafted URLs (CVE-2024-6973)
The Cato Client suffers from a Remote Code Execution vulnerability which could be triggered via a URL handler, or via requests to the local webserver.
Read Article