Primary

Context

Cato Networks Socket Command Injection Vulnerability in Web Interface

Vulnerability

A command injection vulnerability has been identified in Cato Networks' Socket versions prior to 25. This vulnerability allows an authenticated attacker with access to the Socket web interface to execute arbitrary operating system commands as the root user on the device's internal system.

Impact

Exploitation of this vulnerability allows for unauthorized execution of operating system commands with root privileges on the affected device.

Remediation

Users are advised to upgrade to Socket version 25 or later to address this vulnerability.

Added: Mar 31, 2026, 12:32 PM

Updated: Mar 31, 2026, 12:32 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.5

remediation

0.0

relevance

5.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

3.5

remediation

0.0

relevance

5.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cato Networks Socket Command Injection Vulnerability in Web Interface

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating