CVE-2026-11459
Deferred - Pending Action

Information Disclosure in SecureAge CatchPulse via saappctl.sys

Publication date: 2026-06-07

Last updated on: 2026-06-12

Assigner: VulDB

Description

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used.

Meta Information

Published: 2026-06-07
Last Modified: 2026-06-12
Generated: 2026-06-28
AI Q&A: 2026-06-07
EPSS Evaluated: 2026-06-26

Affected Vendors & Products

Showing 1 associated CPE
Vendor: secureage
Product: catchpulse
Version / Range: to 10.9.1 (inc)

Exploitability

CWE

CWE-284: The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Impact Analysis

The main impact of this vulnerability is information disclosure, meaning that sensitive or confidential information could be exposed to unauthorized users.

Since local access is required, an attacker would need to have some level of access to the affected system to exploit this vulnerability.

The CVSS v3.1 base score of 3.3 indicates a low severity impact, primarily affecting confidentiality without impacting integrity or availability.

Executive Summary

This vulnerability exists in SecureAge CatchPulse up to version 10.9.1, in an unknown function of the IOCTL Handler component in saappctl.sys. It allows an attacker with local access to trigger information disclosure.

The exploit for this vulnerability has been publicly disclosed and may be used by attackers. The vendor was informed early but did not respond.

Compliance Impact

The vulnerability leads to information disclosure through manipulation of an unknown function in the saappctl.sys library component. Since it involves local access and results in information disclosure, it could potentially impact compliance with standards and regulations that require protection of sensitive data, such as GDPR and HIPAA.

However, the provided context does not specify any direct effects or assessments related to compliance with these standards or regulations.

Detection Guidance

This vulnerability affects the SecureAge CatchPulse software up to version 10.9.1, specifically an unknown function in the saappctl.sys library related to the IOCTL Handler. Detection requires local access to the system.

Since the vulnerability involves a local driver component (saappctl.sys), detection would typically involve checking for the presence and version of this driver on the system.

  • On Windows systems, you can use the command: "sc query saappctl" to check if the driver service is installed and running.
  • Use "driverquery /v | findstr saappctl.sys" to verify the driver version and presence.
  • Check the installed version of SecureAge CatchPulse; versions up to 10.9.1 are vulnerable.
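
The three checks above combined into one PowerShell inventory script, as an added example that is not part of the CVE record or any vendor tooling. It assumes the service name saappctl from the "sc query" step, a product display name containing "CatchPulse", and 10.9.3 as the last affected version (the description's bound; the CPE row lists 10.9.1). It reads the file version from the driver binary itself.

```powershell
# Added example (not vendor code): local inventory check for saappctl.sys and CatchPulse.
param(
    [string]$ServiceName = 'saappctl',   # service name taken from the "sc query" step
    [version]$LastAffected = '10.9.3'    # assumption: widest bound on the page (the CPE row says 10.9.1)
)

# Driver presence, state and on-disk file version.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -eq $ServiceName -or $_.PathName -like '*\saappctl.sys' }
foreach ($d in $drivers) {
    # PathName can carry an NT prefix (\??\) or a \SystemRoot\ form; normalise it first.
    $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Check           = 'Driver'
        Name            = $d.Name
        State           = "$($d.State) / $($d.StartMode)"
        Path            = $path
        Version         = if ($file) { $file.VersionInfo.FileVersion } else { 'file not found' }
        InAffectedRange = $null   # the page gives no driver-file version for the affected range
    }
}

# Installed product version from the standard Uninstall registry keys.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*CatchPulse*' } |   # assumed display name
    ForEach-Object {
        $v = $null
        $numeric = "$($_.DisplayVersion)" -replace '[^0-9.].*$', ''
        $ok = [version]::TryParse($numeric, [ref]$v)
        # Compare on major.minor.build only, so 10.9.3.0 is not read as newer than 10.9.3.
        if ($ok) { $v = [version]("{0}.{1}.{2}" -f $v.Major, $v.Minor, [Math]::Max($v.Build, 0)) }
        [pscustomobject]@{
            Check           = 'Product'
            Name            = $_.DisplayName
            State           = 'installed'
            Path            = $_.InstallLocation
            Version         = $_.DisplayVersion
            InAffectedRange = if ($ok) { $v -le $LastAffected } else { $null }
        }
    }
```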

No specific detection commands or signatures are provided in the available resources.

Mitigation Strategies

The vulnerability requires local access and leads to information disclosure via the saappctl.sys driver in SecureAge CatchPulse up to version 10.9.1.

Immediate mitigation steps include:

  • Restrict local access to trusted users only to reduce the risk of exploitation.
  • Monitor and audit local user activities to detect any suspicious behavior.
  • If possible, uninstall or disable the SecureAge CatchPulse software until a patch or update is available.
  • Contact SecureAge for updates or patches, although the vendor has not responded to this disclosure yet.

No official patches or vendor guidance are currently available according to the provided information.
