Cisco patches vulnerabilities for Secure Client enterprise VPN

Brandon Lee
Posts: 542
Member Admin
Topic starter

SecurityWeek has reported that Cisco has released patches to fix various vulnerabilities across its products. Among the corrected issues are two critical bugs in Cisco's Secure Client enterprise VPN application. CVE-2024-20337 could allow attackers to launch carriage return line feed injection attacks on versions of the app running on Windows, macOS, and Linux that use the SAML External Browser feature in the VPN headend. CVE-2024-20338, which affects only the Linux version of Secure Client, could enable attackers to execute arbitrary code on devices with root access. Cisco has also issued patches for other vulnerabilities of medium severity, including data exposure and secondary authentication bypass issues in AppDynamics Controller and Duo Authentication for Windows Logon and RDP. However, Cisco has decided not to fix two medium-severity vulnerabilities in its end-of-life Small Business Access Point products. There have been no reports of these vulnerabilities being exploited in the wild.

Posted : 08/03/2024 10:13 am