Cisco tells Secure Client users to patch immediately or risk VPN security flaw

9 March 2024, 04:17 published

[ad_1]

Networking giant Cisco has patched a high-severity flaw in one of its software products which could be leveraged to open a VPN session with a target endpoint.

The flaw is found in Secure Client, and is described as “carriage return line feed injection vulnerability”.

Tracked as CVE-2024-20337, it carries a severity score of 8.2, and allows an unauthenticated threat actor to run a carriage return line feed (CRLF) injection on the target endpoint, remotely.

A patch is available

“A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token,” the company said in an advisory. “The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.”

TheHackerNews explained that the vulnerability stemmed from insufficient validation of user-supplied input. Hackers could use the flaw to trick potential victims into clicking a custom-tailored link while establishing a VPN session. The researcher who discovered the flaw, Amazon’s Paulos Yibelo Mesfin, told the publication that threat actors could abuse this flaw to access their targets’ local internal networks. All the victims need to do is visit a website under the attackers’ control.

To make sure their endpoints are secure, IT teams should update their software to these versions:

Earlier than 4.10.04065 (not vulnerable)
4.10.04065 and later (fixed in 4.10.08025)
5.0 (migrate to a fixed release)
5.1 (fixed in 5.1.2.42)

Virtual Private Network (VPN) solutions are an indispensable part of every organization’s tech stack, and as a result, are often targeted by threat actors. Recently, Ivanti’s VPN solution came under fire after discovering multiple high-severity vulnerabilities that were exploited en-masse to steal sensitive data, engage in espionage, and deploy malware and ransomware.