Impact
Improper certificate validation and a time-of-check/time-of-use race condition in the PrivilegedHelperTool XPC service of the Cato Networks SDP Client allow a local authenticated user to execute actions as root. The service accepts XPC requests without verifying the caller's certificate chain (CWE-295), so a local user can send it requests directly; alternatively, a symlink can be replaced during package installation so that the helper is triggered with elevated privileges (CWE-367). Either path yields full root access on the affected macOS system.
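The first path described above is the absence of a caller check in the privileged helper. The following Swift listener delegate is an added example of the check such a helper should perform; it is not Cato Networks' code. It relies on NSXPCConnection's `setCodeSigningRequirement(_:)` (macOS 13 and later) to have the framework validate the peer's code signature against a requirement string before any message is honored, and it fails closed on older systems rather than falling back to PID-based identification, which is itself racy. The bundle identifier `com.example.sdp-client`, the team ID `TEAMID0000`, the Mach service name and the `HelperProtocol` interface are placeholders.

```swift
import Foundation
import Security

// Added example (not Cato Networks' code). Placeholder values: bundle
// identifier "com.example.sdp-client", team ID "TEAMID0000", the Mach
// service name, and the HelperProtocol interface are all assumptions.

/// Code-signing requirement the connecting client must satisfy: a chain that
/// anchors in Apple's root, the expected bundle identifier, and the expected
/// team ID in the leaf certificate's OU field (Developer ID convention).
let clientRequirement =
    "anchor apple generic and identifier \"com.example.sdp-client\" " +
    "and certificate leaf[subject.OU] = \"TEAMID0000\""

/// Compile the requirement once at startup so a typo cannot silently turn into
/// a helper that never accepts connections (or accepts the wrong ones).
func requirementIsWellFormed(_ text: String) -> Bool {
    var req: SecRequirement?
    let status = SecRequirementCreateWithString(text as CFString, SecCSFlags(), &req)
    return status == errSecSuccess && req != nil
}

@objc protocol HelperProtocol {
    func runPrivilegedAction(_ name: String, withReply reply: @escaping (Bool) -> Void)
}

final class HelperService: NSObject, HelperProtocol {
    /// Only a fixed allowlist of actions is exposed to callers; the peer never
    /// supplies a command line or path that the helper executes as root.
    private let allowedActions: Set<String> = ["update-routes", "rotate-logs"]

    func runPrivilegedAction(_ name: String, withReply reply: @escaping (Bool) -> Void) {
        reply(allowedActions.contains(name))
    }
}

final class HelperListenerDelegate: NSObject, NSXPCListenerDelegate {
    func listener(_ listener: NSXPCListener,
                  shouldAcceptNewConnection newConnection: NSXPCConnection) -> Bool {
        guard #available(macOS 13.0, *) else {
            // Without the API below the helper would have to identify the peer by
            // PID, which is racy (PIDs are reused after exit). Fail closed instead.
            return false
        }
        // Attach the requirement BEFORE resume(): from then on the framework
        // checks the peer's signature against it and invalidates the connection
        // if the peer does not satisfy it, so no message from an unverified
        // caller reaches the exported object.
        newConnection.setCodeSigningRequirement(clientRequirement)
        newConnection.exportedInterface = NSXPCInterface(with: HelperProtocol.self)
        newConnection.exportedObject = HelperService()
        newConnection.resume()
        return true
    }
}

// Entry point of the helper (started by launchd as root).
precondition(requirementIsWellFormed(clientRequirement), "malformed code-signing requirement")
let delegate = HelperListenerDelegate()
let listener = NSXPCListener(machServiceName: "com.example.sdp-client.helper")
listener.delegate = delegate
listener.resume()
RunLoop.main.run()
```

The requirement is pinned to both the bundle identifier and the team ID: checking only that the peer is "signed by Apple" would accept any Developer ID application, and checking only the identifier would accept a re-signed copy. Keeping the exported interface to a fixed set of named actions limits what even a correctly identified client can ask the root helper to do.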
Affected Systems
The vulnerability applies to macOS installations of Cato Networks’ SDP Client running any version earlier than 5.13.1. No other vendors or operating system versions are mentioned in the CNA data.
Risk and Exploitability
The CVSS score of 6.4 indicates moderate (Medium) risk. No EPSS score is available and the vulnerability is not listed in CISA's KEV catalog, so the likelihood of in-the-wild exploitation is currently unknown. Exploitation requires local access, either during installation or as an authenticated user sending requests to the XPC service. Updating the client to 5.13.1 or later, which enforces proper certificate validation and removes the race condition, fully mitigates the issue.
OpenCVE Enrichment