CVE-2024-20337

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published: Mar 6, 2024
Updated: Mar 7, 2024
CWE ID 93

Summary

CVE-2024-20337 is a vulnerability affecting the Single Sign-On (SSO) feature of Cisco Secure Client. An unauthenticated, remote attacker can exploit insufficient input validation during the SAML authentication process to carry out a Carriage Return Line Feed (CRLF) injection attack. Successful exploitation could enable the attacker to execute arbitrary scripts in the user's browser or gain access to sensitive, browser-based information, such as a valid SAML token. The token, in turn, could be used to establish a remote access VPN session with the privileges of the affected user. Hosts and services behind the VPN headend would still require additional credentials for successful access.

