Attackers can steal SAML tokens from Cisco Secure Client

Teacher

A CRLF injection can let an attacker take over your VPN session.

Cisco has released updates for a high-severity vulnerability in its Secure Client software that could let an attacker establish a VPN session as a targeted user.

The vulnerability, tracked as CVE-2024-20337 with a CVSS score of 8.2, sits in the client's SAML authentication flow and is caused by insufficient validation of user-supplied input. It allows an unauthenticated remote attacker to carry out a CRLF (carriage return / line feed) injection attack against a user: the attacker must persuade the victim to click a specially crafted link while a VPN session is being established.

A successful exploit lets the attacker execute arbitrary script in the victim's browser or read sensitive browser-based data, including a valid SAML token. With that token the attacker can establish a remote-access VPN session with the privileges of the affected user. Note that individual hosts and services behind the VPN headend still require their own credentials; the stolen token only gets the attacker onto the VPN.

The vulnerability affects Secure Client for Windows, Linux and macOS and is fixed in the company's latest software releases. The table of fixed versions can be found on this page.

In addition, Cisco fixed a second, high-severity vulnerability, CVE-2024-20338 (CVSS score 7.3), in Secure Client for Linux. It lies in the ISE Posture (System Scan) module and lets an attacker with local access escalate privileges: by placing a malicious library in a directory the module searches and getting the privileged process restarted, the attacker can run code as root. This vulnerability was fixed in version 5.1.2.42.

Cisco encourages users to upgrade their systems immediately to protect them from potential attacks.