Vulmon
CVE-2024-20337 POC Cisco Secure Client CRLF RCE and unauthorized remote access to VPN sessions
CVE-2024-20337-POC CVE-2024-20337 POC Cisco Secure Client CRLF RCE and unauthorized remote access to VPN sessions
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote malicious user to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the malicious user to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Critical bugs galore among 61 Microsoft fixes, 56 from Adobe, a dozen from SAP, and a fistful from Fortinet
Patch Tuesday Microsoft's monthly patch drop has arrived, delivering a mere 61 CVE-tagged vulnerabilities – none listed as under active attack or already known to the public. We'll hold our judgement until tomorrow to see if Exploit Wednesday lives up to its name. But in the meantime, here's a look at Redmond's security bugs. Two of the latest patches are listed as critical and both affect Windows Hyper-V hypervisor. Oddly, the two critical bugs didn't receive the highest CVSS ratings – but ...