Cisco patches vulnerabilities for Secure Client enterprise VPN

Brandon Lee
(@brandon-lee)

SecurityWeek has reported that Cisco has released patches to fix various vulnerabilities across its products. Among the corrected issues are two critical bugs in Cisco's Secure Client enterprise VPN application. CVE-2024-20337 could allow attackers to launch carriage return line feed injection attacks on versions of the app running on Windows, macOS, and Linux that use the SAML External Browser feature in the VPN headend. CVE-2024-20338, which affects only the Linux version of Secure Client, could enable attackers to execute arbitrary code on devices with root access. Cisco has also issued patches for other vulnerabilities of medium severity, including data exposure and secondary authentication bypass issues in AppDynamics Controller and Duo Authentication for Windows Logon and RDP. However, Cisco has decided not to fix two medium-severity vulnerabilities in its end-of-life Small Business Access Point products. There have been no reports of these vulnerabilities being exploited in the wild.

https://www.scmagazine.com/brief/fixes-issued-for-several-cisco-product-vulnerabilities

 
Posted : 08/03/2024 10:13 am