Published: March 8, 2024

Overview

Cisco has released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. Threat actors could exploit these vulnerabilities to take control of an affected device. The update addresses the following vulnerabilities:

CVE-2024-20337: A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.

CVE-2024-20338: A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.

Impact

CVE-2024-20337: This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user.

CVE-2024-20338: An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.

Applicable Versions for CVE-2024-20337 

| Affected Versions | Not Affected Versions |
| --- | --- |
| Earlier than 4.10.04065 | |
| 4.10.04065 and later | 4.10.08025 |
| 5.0 and 5.1 | 5.1.2.42 |

Applicable Versions

| Affected Versions | Not Affected Versions |
| --- | --- |
| Earlier than 5.1.2.42 | 5.1.2.42 |

Mitigations and Workarounds

No workaround is available to address these vulnerabilities. To mitigate them, please download and install the updates published by Cisco.

Best Practices

Keep systems updated with the latest security patches.

Netsurion Detection and Response

Netsurion researchers are continuously monitoring for exploitation of these vulnerabilities. Netsurion’s vulnerability management system collaborates with vendors to update the vulnerability scanners, enabling detection for customers who have subscribed to Netsurion Vulnerability Management.

