Cisco has released patches to address a high-severity security flaw in its Secure Client software that could be exploited by a threat actor to open a VPN session with the privileges of a targeted user.
The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.
The flaw stems from insufficient validation of user-supplied input. A threat actor could leverage it by tricking a user into clicking on a specially crafted link while the user is establishing a VPN session.
"A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token," the company said in an advisory.
"The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access."
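To make the bug class concrete, the following Python is a constructed example added here by the editor; it is not Cisco's code and is not taken from the advisory, which does not disclose where in Secure Client the reflected value lands. It shows a minimal redirect builder that copies a caller-supplied URL into a Location header, the HTTP response splitting that results when the value carries CR/LF pairs, and a hardened builder that refuses such values. The host name vpn.example.invalid, the payload and the tiny parser are all made up for illustration.

```python
"""Constructed demonstration of CRLF injection into an HTTP header (not Cisco code)."""

CRLF = "\r\n"

# Constructed attacker-controlled value: a plausible URL followed by CR/LF pairs
# that terminate the Location header, smuggle in two more headers and then start
# a 25-byte body of the attacker's choosing.
ATTACKER_VALUE = (
    "https://vpn.example.invalid/"
    "\r\nContent-Type: text/html"
    "\r\nContent-Length: 25"
    "\r\n\r\n<script>alert(1)</script>"
)


def build_redirect_vulnerable(location: str) -> bytes:
    """Reflects the caller-supplied value straight into a header: the flaw."""
    return (
        "HTTP/1.1 302 Found" + CRLF
        + "Location: " + location + CRLF
        + "Content-Length: 0" + CRLF
        + CRLF
    ).encode("latin-1")


def build_redirect_hardened(location: str) -> bytes:
    """Same builder, but refuses any value that could end the header line.

    Rejecting (rather than stripping) is deliberate: many parsers accept a bare
    LF as a line terminator, so only removing the "\r\n" pair is not enough.
    """
    if any(ch in location for ch in ("\r", "\n", "\x00")):
        raise ValueError("CR, LF and NUL are not allowed in header values")
    return build_redirect_vulnerable(location)


def hardened_rejects(location: str) -> bool:
    """True if the hardened builder refuses the value."""
    try:
        build_redirect_hardened(location)
    except ValueError:
        return True
    return False


def parse_response(raw: bytes):
    """Tiny HTTP/1.1 response parser: the first blank line ends the header block."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return lines[0].decode("latin-1"), headers, body


if __name__ == "__main__":
    status, headers, body = parse_response(build_redirect_vulnerable(ATTACKER_VALUE))
    print(status, headers)   # the injected Content-Type and Content-Length are now real headers
    print(body[:25])         # b'<script>alert(1)</script>' is what a client would render
    print(hardened_rejects(ATTACKER_VALUE))  # True
```

A client that honours the injected Content-Length of 25 renders the attacker's script in the origin of whatever host sent the response, which is exactly the position from which browser-held secrets such as a SAML token become readable; the leftover "Content-Length: 0" line is either discarded or mistaken for the start of a second response. That is why the fix belongs at the point where the untrusted value enters the header, not in downstream filtering.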
The vulnerability affects Secure Client for Windows, Linux, and macOS, and has been addressed in the following versions:
- Earlier than 4.10.04065 (not vulnerable)
- 4.10.04065 and later (fixed in 4.10.08025)
- 5.0 (migrate to a fixed release)
- 5.1 (fixed in 5.1.2.42)
Amazon security researcher Paulos Yibelo Mesfin has been credited with discovering and reporting the flaw, telling The Hacker News that the shortcoming allows attackers to access local internal networks when a target visits a website under their control.
Cisco has also published fixes for CVE-2024-20338 (CVSS score: 7.3), another high-severity flaw in Secure Client for Linux that could permit an authenticated, local attacker to elevate privileges on an affected system. It has been resolved in version 5.1.2.42.
"An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process," it said. "A successful exploit could allow the attacker to execute arbitrary code on an affected system with root privileges."
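The Linux flaw is a library-planting bug, and it is only exploitable if a low-privileged user can create or replace a file in a directory from which a root-owned process loads a library. The advisory does not name that directory, and the following Python is a generic audit added here by the editor, not Cisco's code: given a list of directories a privileged process is believed to load libraries from (CANDIDATE_DIRS is a placeholder you must replace), it reports the ones a non-root user could plant a file in. The fixture helper builds constructed temporary directories so the check can be exercised offline.

```python
"""Editor-added audit for library-planting preconditions (generic, not Cisco code)."""
import os
import stat
import tempfile

# Placeholder list, assumed for illustration: replace it with the directories the
# privileged process actually searches (ldd output, LD_LIBRARY_PATH, the program's
# own plugin or module directories). These are NOT the directory from the advisory.
CANDIDATE_DIRS = ["/usr/local/lib", "/opt/example/lib"]


def planting_risks(path: str) -> list:
    """Return the reasons a non-root user could drop a library into `path`."""
    reasons = []
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # A directory the loader would search but which does not exist yet can be
        # created by anyone who can write its parent.
        parent = os.path.dirname(path.rstrip("/")) or "/"
        if os.access(parent, os.W_OK):
            reasons.append("missing, and parent is writable by this user")
        return reasons
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    # The sticky bit only stops deleting or renaming other users' files; it does
    # not stop creating a new library, so world-writable is a finding regardless.
    if st.st_mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
        reasons.append(f"group-writable by gid {st.st_gid}")
    if st.st_uid != 0:
        reasons.append(f"owned by non-root uid {st.st_uid}")
    return reasons


def audit(dirs) -> dict:
    """Map each risky directory to its list of reasons; clean directories are omitted."""
    result = {}
    for d in dirs:
        reasons = planting_risks(d)
        if reasons:
            result[d] = reasons
    return result


def make_fixture() -> tuple:
    """Constructed test data: a world-writable dir, a 0755 dir and a missing path."""
    base = tempfile.mkdtemp()
    open_dir = os.path.join(base, "open")
    os.mkdir(open_dir)
    os.chmod(open_dir, 0o777)
    tight_dir = os.path.join(base, "tight")
    os.mkdir(tight_dir)
    os.chmod(tight_dir, 0o755)
    missing = os.path.join(base, "absent")
    return open_dir, tight_dir, missing


if __name__ == "__main__":
    for d, why in audit(CANDIDATE_DIRS).items():
        print(f"{d}: {'; '.join(why)}")
```

Run it as the unprivileged account whose access you are worried about: os.access() answers for the current user, so the "missing directory" branch reflects that user's rights. Any directory the audit flags is one where the advisory's precondition (a malicious library copied into the directory before an administrator restarts the process) would be met.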