Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

by admin 0 Comments

Cyber Security

Products You May Like

Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Mar 08, 2024NewsroomNetwork Security / Vulnerability

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user.

The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.

Arising as a result of insufficient validation of user-supplied input, a threat actor could leverage the flaw to trick a user into clicking on a specially crafted link while establishing a VPN session.

Cybersecurity

“A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token,” the company said in an advisory.

“The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.”

The vulnerability impacts Secure Client for Windows, Linux, and macOS, and has been addressed in the following versions –

  • Earlier than 4.10.04065 (not vulnerable)
  • 4.10.04065 and later (fixed in 4.10.08025)
  • 5.0 (migrate to a fixed release)
  • 5.1 (fixed in 5.1.2.42)

Amazon security researcher Paulos Yibelo Mesfin has been credited with discovering and reporting the flaw, telling The Hacker News that the shortcoming allows attackers to access local internal networks when a target visits a website under their control.

Cybersecurity

Cisco has also published fixes for CVE-2024-20338 (CVSS score: 7.3), another high-severity flaw in Secure Client for Linux that could permit an authenticated, local attacker to elevate privileges on an affected device. It has been resolved in version 5.1.2.42.

“An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process,” it said. “A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
This article was originally published by Thehackernews.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Samsung Galaxy Buds 3 Pro Leaked Images Show LED Strips on Stem; Buds 3 Retail Box Surfaces Ahead of Debut
Meta’s ‘Pay or Consent’ Approach Faces E.U. Competition Rules Scrutiny
Samsung One UI 6 Watch Beta for Select Galaxy Watch 5, Galaxy Watch 4 Models Reportedly Released
Samsung Galaxy M35, iQoo Z9 Lite, Honor 200, and More New Smartphones to Go on Sale During Amazon Prime Day 2024
Revolut CEO confident on UK bank license approval as fintech firm hits record $545 million profit

Leave a Reply

Your email address will not be published. Required fields are marked *