Cisco patches high-severity flaws in its Secure Client VPN software
Take action: If you run Cisco Secure Client, patch it through your normal change process. Neither issue calls for emergency out-of-band patching, but clients left unpatched will eventually be found by exploits, so do not let the update slip.
Learn More
Cisco has released patches for two high-severity vulnerabilities found in its Secure Client, an enterprise VPN application that offers security and monitoring features.
- CVE-2024-20337 (CVSS score 8.2) affects Secure Client on Linux, macOS, and Windows. It is a carriage return line feed (CRLF) injection flaw, exploitable remotely without authentication, caused by insufficient validation of user-supplied input. An attacker who persuades a user to click a crafted link while the user is establishing a VPN session could run arbitrary script in the user's browser or read sensitive browser-held data, including a valid SAML token. With that token the attacker could establish a VPN session with the same privileges as the victim; reaching individual hosts and services behind the VPN would still require additional credentials. Only deployments whose VPN headend is configured to use the SAML External Browser feature are exposed, so check your headend's tunnel-group configuration for that option before prioritising this update. Fixed releases are 4.10.08025 (for the 4.10 train) and 5.1.2.42. Versions earlier than 4.10.04065 are not affected, and the 5.0 train will not receive a patch, so 5.0 installations must migrate to 5.1.2.42.
- CVE-2024-20338 (CVSS score 7.3) affects only Secure Client for Linux (the ISE Posture module, per Cisco's advisory) and is a local privilege-escalation bug. Exploitation requires an authenticated local user: the attacker copies a crafted library file into a specific directory and then persuades an administrator to restart a particular process, at which point the library is loaded and arbitrary code runs as root. The fix is in Secure Client 5.1.2.42.
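When triaging a fleet against the two advisories above, the awkward part is comparing Cisco's version strings (4.10.08025, 5.1.2.42) correctly and applying the per-train rules: not affected before 4.10.04065, fixed at 4.10.08025 on the 4.10 train, no fix for 5.0, fixed at 5.1.2.42 otherwise, with CVE-2024-20337 only mattering when the headend uses SAML External Browser and CVE-2024-20338 only mattering on Linux. The script below is an added example, not Cisco's code; the thresholds come from the text above, the inventory records are constructed sample data, and the treatment of CVE-2024-20338 (anything earlier than 5.1.2.42 on Linux is flagged) is an assumption taken from the text, so confirm the per-release table in Cisco's advisories before acting on the output.

```python
"""Triage Cisco Secure Client versions against CVE-2024-20337 / CVE-2024-20338.

Added example (not Cisco's code). Thresholds are taken from the advisory
summary above; the inventory below is constructed sample data.
"""

# Thresholds quoted in the text.
NOT_AFFECTED_BEFORE = "4.10.04065"   # CVE-2024-20337: earlier than this is not affected
FIXED_4_10 = "4.10.08025"            # CVE-2024-20337 fix on the 4.10 train
FIXED_5 = "5.1.2.42"                 # fix for both CVEs on the 5.x train


def parse_version(v: str) -> tuple:
    """'4.10.08025' -> (4, 10, 8025); '5.1.2.42' -> (5, 1, 2, 42).

    Leading zeros in a field are not significant, so fields compare as ints.
    """
    return tuple(int(part) for part in v.strip().split("."))


def _key(v: str, width: int = 4) -> tuple:
    """Pad to a fixed width so 3- and 4-field versions compare sanely."""
    parts = parse_version(v)
    return parts + (0,) * (width - len(parts))


def version_lt(a: str, b: str) -> bool:
    """True if version a is strictly earlier than version b."""
    return _key(a) < _key(b)


def cve_2024_20337(version: str, saml_external_browser: bool) -> str:
    """Verdict for the CRLF injection bug; exposure needs SAML External Browser."""
    if not saml_external_browser:
        return "not affected (headend does not use SAML External Browser)"
    if version_lt(version, NOT_AFFECTED_BEFORE):
        return f"not affected (earlier than {NOT_AFFECTED_BEFORE})"
    major, minor = parse_version(version)[:2]
    if (major, minor) == (4, 10):
        if version_lt(version, FIXED_4_10):
            return f"vulnerable: upgrade to {FIXED_4_10}"
        return "fixed"
    if (major, minor) == (5, 0):
        # The text states 5.0 will not receive a patch.
        return f"vulnerable: 5.0 has no fix, migrate to {FIXED_5}"
    if version_lt(version, FIXED_5):
        return f"vulnerable: upgrade to {FIXED_5}"
    return "fixed"


def cve_2024_20338(version: str, os_name: str) -> str:
    """Verdict for the Linux-only local privilege escalation.

    Assumption: every Linux build earlier than 5.1.2.42 is treated as
    vulnerable, since the text names 5.1.2.42 as the fix.
    """
    if os_name.lower() != "linux":
        return "not affected (Linux only)"
    if version_lt(version, FIXED_5):
        return f"vulnerable: upgrade to {FIXED_5}"
    return "fixed"


# Constructed sample inventory; hosts and versions are illustrative only.
SAMPLE_INVENTORY = [
    {"host": "lnx-01", "os": "linux",   "version": "5.1.1.42",   "saml_external_browser": True},
    {"host": "win-02", "os": "windows", "version": "4.10.07073", "saml_external_browser": True},
    {"host": "mac-03", "os": "macos",   "version": "5.1.2.42",   "saml_external_browser": True},
    {"host": "win-04", "os": "windows", "version": "4.9.06037",  "saml_external_browser": True},
    {"host": "lnx-05", "os": "linux",   "version": "5.0.05040",  "saml_external_browser": False},
]


def triage(inventory: list) -> list:
    """Return (host, cve, verdict) for every record that is still vulnerable."""
    findings = []
    for rec in inventory:
        checks = (
            ("CVE-2024-20337", cve_2024_20337(rec["version"], rec["saml_external_browser"])),
            ("CVE-2024-20338", cve_2024_20338(rec["version"], rec["os"])),
        )
        for cve, verdict in checks:
            if verdict.startswith("vulnerable"):
                findings.append((rec["host"], cve, verdict))
    return findings


if __name__ == "__main__":
    for host, cve, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {cve}  {verdict}")
```

Feed `triage()` the output of your endpoint inventory (host, OS, installed Secure Client version, and whether that host's headend uses SAML External Browser) and you get a worklist ordered by host rather than a pile of advisories to re-read; the SAML External Browser flag is what keeps the CVE-2024-20337 list from including every client you own.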
Cisco has stated it has no knowledge of these vulnerabilities being exploited in the wild. Customers are advised to patch the software as soon as possible.