Networking giant Cisco has patched a high-severity flaw in one of its software products that could be leveraged to establish a remote-access VPN session with the privileges of a targeted user.
The flaw affects Cisco Secure Client and is described as a “carriage return line feed injection vulnerability”.
Tracked as CVE-2024-20337, it carries a CVSS score of 8.2 and allows an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user of the client.
A patch is available
“A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token,” the company said in an advisory. “The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.”
TheHackerNews explained that the vulnerability stems from insufficient validation of user-supplied input. In a CRLF injection, input containing carriage-return and line-feed characters is reflected into a response without being sanitised, so the attacker can terminate a header early and append headers or content of their own. An attacker could exploit this flaw by tricking a victim into clicking a specially crafted link while the victim is establishing a VPN session. The researcher who discovered the flaw, Amazon’s Paulos Yibelo Mesfin, told the publication that threat actors could abuse it to reach their targets’ local internal networks, and that all a victim needs to do is visit a website under the attacker’s control.
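To make the mechanism concrete, here is an added example of the CRLF injection class. It is written for this article; it is not Cisco's code and does not reproduce the Secure Client bug itself. A hypothetical redirect handler reflects a `next` query parameter into a `Location` header, a constructed attacker link carries percent-encoded line breaks, and the hardened handler plus a pre-click URL check both catch it. The hostnames, parameter name and link are all assumptions.

```python
"""Added example (not Cisco's code and not the actual Secure Client bug):
the CRLF injection class in a hypothetical HTTP redirect handler.
The 'next' parameter, hostnames and the attacker link are all constructed."""
from urllib.parse import parse_qs, unquote, urlsplit


def build_redirect_vulnerable(target: str) -> bytes:
    """Reflect an untrusted value into the Location header unchecked.
    A value containing a carriage return and line feed ends the header early,
    so the rest of the value becomes extra headers and, after a blank line,
    a response body."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def build_redirect_fixed(target: str) -> bytes:
    """Same response, but refuse any value carrying CR or LF (bare LF as
    well as CRLF) and only allow https:// targets."""
    if "\r" in target or "\n" in target:
        raise ValueError("line break in header value")
    if urlsplit(target).scheme != "https":
        raise ValueError("unexpected redirect scheme")
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n\r\n"
    ).encode("latin-1")


def parse_response(raw: bytes) -> tuple[dict[str, str], str]:
    """Split a raw response the way a browser does: headers up to the first
    blank line, body after it."""
    head, _, body = raw.decode("latin-1").partition("\r\n\r\n")
    headers: dict[str, str] = {}
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers, body


def url_has_crlf(url: str) -> bool:
    """Pre-click check for a link: does any query value decode to CR or LF?
    parse_qs decodes one layer of %xx; unquote once more catches %250d%250a."""
    for values in parse_qs(urlsplit(url).query, keep_blank_values=True).values():
        for v in values:
            if any(c in v or c in unquote(v) for c in "\r\n"):
                return True
    return False


# Constructed attacker link: the 'next' value closes the Location header,
# injects a cookie, switches Content-Type and supplies an HTML body.
ATTACKER_LINK = (
    "https://portal.example/login?next="
    "https://portal.example/%0d%0aSet-Cookie:%20session=attacker%0d%0a"
    "Content-Type:%20text/html%0d%0a%0d%0a<script>alert(1)</script>"
)
BENIGN_LINK = "https://portal.example/login?next=https://portal.example/home"


def demo(link: str) -> dict:
    """Run one link through the vulnerable and fixed handlers and the check."""
    next_value = parse_qs(urlsplit(link).query)["next"][0]
    headers, body = parse_response(build_redirect_vulnerable(next_value))
    try:
        build_redirect_fixed(next_value)
        fixed_rejected = False
    except ValueError:
        fixed_rejected = True
    return {
        "location": headers.get("Location"),
        "injected_cookie": headers.get("Set-Cookie"),
        "body": body,
        "fixed_rejected": fixed_rejected,
        "link_flagged": url_has_crlf(link),
    }


if __name__ == "__main__":
    for name, link in (("attacker", ATTACKER_LINK), ("benign", BENIGN_LINK)):
        print(name, demo(link))
```

With the attacker link, the vulnerable handler's response carries an injected `Set-Cookie` header and a body containing the script tag, which is the shape of "execute arbitrary script code in the browser" in the advisory; the fixed handler rejects the value outright, and the URL check flags the link before it is followed. Rejecting rather than stripping line breaks is the safer default, since stripping can leave a partially attacker-controlled header behind.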
To make sure their endpoints are secure, IT teams should check which Secure Client release they are running and move to the first fixed release Cisco lists for it:
Earlier than 4.10.04065 (not vulnerable)
4.10.04065 and later (fixed in 4.10.08025)
5.0 (migrate to a fixed release)
5.1 (fixed in 5.1.2.42)
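The release table above is easy to misread when build numbers are zero-padded, so here is an added triage script (not Cisco's tooling) that compares installed Secure Client versions numerically against the ranges listed. The thresholds are taken from the table as reported here, and the host inventory is constructed sample data; confirm the ranges against Cisco's current advisory before acting on the output.

```python
"""Added example (not Cisco's tooling): triage an inventory of Cisco Secure
Client versions against the affected/fixed ranges in the advisory table as
reported in this article. The host inventory is constructed sample data."""
from dataclasses import dataclass


def parse_version(text: str) -> tuple[int, ...]:
    """'4.10.08025' -> (4, 10, 8025); comparing tuples gives numeric order,
    which plain string comparison gets wrong for zero-padded build numbers."""
    return tuple(int(part) for part in text.strip().split("."))


# Thresholds from the advisory table as reported above.
FIRST_VULNERABLE_4_10 = parse_version("4.10.04065")
FIXED_4_10 = parse_version("4.10.08025")
FIXED_5_1 = parse_version("5.1.2.42")


@dataclass(frozen=True)
class Verdict:
    version: str
    status: str   # not_vulnerable | update | migrate | fixed | unknown
    action: str


def assess(version: str) -> Verdict:
    """Map one installed version onto the advisory's release table."""
    try:
        v = parse_version(version)
    except ValueError:
        return Verdict(version, "unknown", "unparseable version string")
    if len(v) < 3:
        return Verdict(version, "unknown", "need the full build number")
    if v < FIRST_VULNERABLE_4_10:
        return Verdict(version, "not_vulnerable", "no action")
    if v[:2] == (4, 10):
        if v >= FIXED_4_10:
            return Verdict(version, "fixed", "no action")
        return Verdict(version, "update", "upgrade to 4.10.08025 or later")
    if v[:2] == (5, 0):
        return Verdict(version, "migrate", "migrate to a fixed release")
    if v[:2] == (5, 1):
        if v >= FIXED_5_1:
            return Verdict(version, "fixed", "no action")
        return Verdict(version, "update", "upgrade to 5.1.2.42 or later")
    return Verdict(version, "unknown", "release not in the advisory table")


# Constructed sample inventory: "<host> <installed version>" per line.
SAMPLE_INVENTORY = """\
vpn-lt-01 4.9.06037
vpn-lt-02 4.10.04065
vpn-lt-03 4.10.08025
vpn-lt-04 5.0.03072
vpn-lt-05 5.1.1.42
vpn-lt-06 5.1.2.42
vpn-lt-07 5.1
"""


def triage(inventory: str) -> dict[str, Verdict]:
    """Return a verdict per host so the ones needing work can be listed."""
    verdicts: dict[str, Verdict] = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, version = line.split()
        verdicts[host] = assess(version)
    return verdicts


def hosts_needing_action(inventory: str) -> list[str]:
    """Hosts that must be updated, migrated, or looked at by hand."""
    return sorted(h for h, v in triage(inventory).items()
                  if v.status in ("update", "migrate", "unknown"))


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {verdict.version:12} {verdict.status:15} {verdict.action}")
```

Two details matter in practice: the first vulnerable 4.10 build is itself affected (so `4.10.04065` comes back as `update`, not `not_vulnerable`), and a truncated version such as `5.1` is reported as `unknown` rather than being silently treated as safe.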