CatDV Server: Update Now: Mandatory Security Update

Summary: SBS is notifying you of a vulnerability impacting the CatDV Server software. The issue has been publicly disclosed and assigned the CVE (Common Vulnerabilities & Exposures) ID CVE-2021-26705. Under certain active session conditions, an attacker may be able to exploit this vulnerability to gain administrative-level access to the CatDV Server system. It is therefore mandatory that all CatDV Server users upgrade to the latest versions to avoid any unauthorized access.

The affected software is CatDV Server (Essential, Workgroup, Enterprise, Pegasus) up to version 9.2. CatDV Server 9.3.0, or 8.0.8 for users of older systems, is available to address this vulnerability.

Solution: There is a mandatory upgrade for all CatDV Server users, most critically for internet-accessible systems. The fix for this vulnerability has been made in CatDV Server versions 9.3.0 and 8.0.8, which are available to download from the CatDV website: https://catdv.com/support/download/.

A self-guided installation process is included as part of the software. If you do need assistance, please contact [email protected] stating "upgrade assistance required for version 9.3.0", and the SBS technical support team will provide a guided upgrade.

Please also note that if you are upgrading to CatDV Server version 9.3.0 or above, you will also need to upgrade your desktop client software to 13.0.14 or above.

Ensure that you back up the server before you begin your upgrade, and confirm the backup has been successful.

References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-26705

Let us know if you have any questions.