overview

A vulnerability, tracked as CVE-2024-20337 (CVSS 8.2), has been found in Cisco Secure Client. This flaw, exposes a vulnerability in the SAML authentication process, potentially allowing unauthenticated remote attackers to conduct a carriage return line feed (CRLF) injection attack.  

If exploited, this vulnerability could lead to the execution of arbitrary script code within users' browsers or access to sensitive browser-based information, including valid SAML tokens. Attackers could leverage these tokens to establish remote access VPN sessions with the privileges of a user. 

According to Cisco’s advisory, CVE-2024-20337 impacts the following Cisco products if they are running a vulnerable release of Cisco Secure Client and the VPN and the VPN headend is configured with the SAML External Browser feature:  

  • Secure Client for Linux 
  • Secure Client for macOS 
  • Secure Client for Windows 

Now, there are no reports of the vulnerability being exploited in the wild, however, Cisco has released software updates to address the security flaw. Users of Cisco Secure Client are strongly advised to update to version 8.7.0.1.1 as soon as possible.  

 

 

avertium's recommendationS

  • Avertium highly recommends updating to Cisco Secure Client 8.7.0.1.1 as soon as possible, as there are no workarounds for CVE-2024-20337. Cisco customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels. 
  • You can find further information in Cisco’s advisory 

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-20337. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 

  • Fusion MXDR is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 




 

SUPPORTING DOCUMENTATION

Cisco Secure Client Carriage Return Line Feed Injection Vulnerability 

 
Chat With One of Our Experts



Cisco Vulnerabilities Flash Notice Cisco High-Severity Vulnerability Blog