Cisco unveiled patches aimed at rectifying a high-severity security flaw discovered within its Secure Client software. This vulnerability, identified as CVE-2024-20337, poses a significant risk, allowing malicious actors to exploit it for unauthorized access to VPN sessions of targeted users.
CVE-2024-20337 in Detail
Rated with a CVSS score of 8.2, the flaw revolves around a carriage return line feed (CRLF) injection attack, permitting remote attackers to manipulate user sessions with detrimental consequences. The vulnerability stems from insufficient validation of user-supplied input, enabling threat actors to deploy specially crafted links to dupe users into triggering the exploit unknowingly while establishing VPN connections.
The implications of a successful attack are dire, granting assailants the ability to execute arbitrary script code within the victim’s browser environment or access sensitive information, including valid Security Assertion Markup Language (SAML) tokens. Armed with such tokens, attackers can initiate remote access VPN sessions masquerading as authenticated users, potentially infiltrating internal networks and compromising sensitive data. This critical flaw impacts Secure Client software across multiple platforms, including Windows, Linux, and macOS.
Cisco has swiftly responded to the threat, rolling out patches across various software versions to mitigate the risk effectively. Versions earlier than 4.10.04065 are deemed non-vulnerable, whereas subsequent releases have been fortified to address the vulnerability.
CVE-2024-20338 Also Patched
In addition, the company has taken measures to resolve another high-severity flaw, denoted as CVE-2024-20338, affecting Secure Client for Linux. This vulnerability, with a CVSS score of 7.3, could enable local attackers to elevate privileges on compromised devices, posing significant security concerns.
Cisco credits Amazon security researcher Paulos Yibelo Mesfin for identifying and reporting the vulnerabilities. Mesfin said that the discovered flaw could potentially grant attackers access to local internal networks, further highlighting the severity of the threat.
Cisco urges users to promptly apply the necessary patches and updates to safeguard their systems against potential exploitation.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: