Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to establish a VPN session with the privileges of a targeted user.
The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.
The flaw stems from insufficient validation of user-supplied input. A threat actor could exploit it by tricking a user into clicking on a specially crafted link while the user is establishing a VPN session.
“A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token,” the company said in an advisory.
“The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.”
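To make the CRLF injection pattern concrete, the following is an added example and not Cisco's code or the Secure Client logic. It models a hypothetical local HTTP handler that percent-decodes a `redirect` query parameter (the parameter name, the endpoint and the payload are assumptions made here) and reflects the value into a response header without validation. A crafted link carrying `%0d%0a` sequences lets an attacker terminate that header and supply their own headers and body, which is how attacker script ends up executing in the victim's browser. The hardened variant refuses any header value containing CR or LF.

```python
"""CRLF injection: the generic failure pattern behind bugs like the one above.

Added example, not Cisco's code. The handler, parameter name and payload
are hypothetical; the point is the header-construction mistake and its fix.
"""
from urllib.parse import parse_qs


def build_redirect_vulnerable(target: str) -> str:
    """Build a 302 response by concatenating an unvalidated header value."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    )


def build_redirect_hardened(target: str) -> str:
    """Same response, but refuse any header value containing CR or LF.

    Rejecting beats stripping: a stripped payload may survive in another
    encoding that a downstream parser normalises back into a line break.
    """
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in header value")
    return build_redirect_vulnerable(target)


def handle_vulnerable(query: str) -> str:
    """Hypothetical endpoint: parse_qs percent-decodes, so %0d%0a becomes CRLF."""
    target = parse_qs(query).get("redirect", [""])[0]
    return build_redirect_vulnerable(target)


def handle_hardened(query: str) -> str:
    """Same endpoint, with the CR/LF check applied to the decoded value."""
    target = parse_qs(query).get("redirect", [""])[0]
    return build_redirect_hardened(target)


def parse_response(raw: str):
    """Minimal client-side view: (status line, lowercase header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # first ':' only, URLs keep theirs
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


# Constructed attacker payload (not a real exploit): a benign-looking URL,
# then CRLF sequences that inject a content type, a body length and a body.
# The script body is a placeholder standing in for token-stealing code.
SCRIPT = "<script>/* placeholder */</script>"
INJECTED_TARGET = (
    "https://vpn.example.test/"
    "\r\nContent-Type: text/html"
    f"\r\nContent-Length: {len(SCRIPT)}"
    f"\r\n\r\n{SCRIPT}"
)
# The query string a "specially crafted link" would carry: every byte of the
# payload percent-encoded, so CR and LF travel as %0D and %0A.
CRAFTED_QUERY = "redirect=" + "".join(f"%{b:02X}" for b in INJECTED_TARGET.encode())


def demo_vulnerable():
    """Return what a browser following the crafted link would parse."""
    status, headers, body = parse_response(handle_vulnerable(CRAFTED_QUERY))
    # The browser honours the injected Content-Length and renders SCRIPT; the
    # server's original "Content-Length: 0" is now just ignored trailing bytes.
    rendered = body[: int(headers["content-length"])]
    return status, headers, rendered


def demo_hardened() -> bool:
    """Return True if the hardened handler refuses the crafted link."""
    try:
        handle_hardened(CRAFTED_QUERY)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo_vulnerable())
    print("hardened rejects payload:", demo_hardened())
```

The check belongs on the decoded value, after percent-decoding, since that is the form that reaches the header writer; validating the raw query string would miss double-encoded variants.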
The vulnerability impacts Secure Client for Windows, Linux, and macOS, and has been addressed in the following versions:
- Earlier than 4.10.04065 (not vulnerable)
- 4.10.04065 and later (fixed in 4.10.08025)
- 5.0 (migrate to a fixed release)
- 5.1 (fixed in 5.1.2.42)
Amazon security researcher Paulos Yibelo Mesfin has been credited with discovering and reporting the flaw, telling The Hacker News that the shortcoming allows attackers to access local internal networks when a target visits a website under their control.
Cisco has also published fixes for CVE-2024-20338 (CVSS score: 7.3), another high-severity flaw in Secure Client for Linux that could permit an authenticated, local attacker to elevate privileges on an affected device. It has been resolved in version 5.1.2.42.
“An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process,” it said. “A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.”