Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user.
The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.
Arising as a result of insufficient validation of user-supplied input, a threat actor could leverage the flaw to trick a user into clicking on a specially crafted link while establishing a VPN session.
“A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token,” the company said in an advisory.
“The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.”
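The root cause Cisco describes is the classic CRLF injection pattern: a value taken from the user reaches an HTTP response header without being checked for the CR and LF bytes that terminate a header line, so the sender can append headers or a body of their own. The following is an added illustration, not code from Cisco or from the advisory, and it does not model Secure Client's own logic: it contrasts a redirect-header builder that copies the value verbatim with one that rejects raw or percent-encoded line breaks and restricts the destination to an allow-list. The function names, the `allowed_hosts` parameter and the sample inputs are all constructed for the example.

```python
import re
from urllib.parse import unquote, urlsplit

# CR and LF end an HTTP header line; either one inside a header value lets the
# sender of that value smuggle in additional headers or a response body.
_LINE_BREAK = re.compile(r"[\r\n]")


def build_redirect_header_unsafe(location: str) -> str:
    """Vulnerable pattern (for contrast): the user-controlled value is copied
    into the header verbatim, so an embedded CRLF splits the response."""
    return f"Location: {location}\r\n"


def build_redirect_header(location: str, allowed_hosts: frozenset) -> str:
    """Hardened pattern: reject line breaks (also after percent-decoding, since
    a later component may decode the value) and only redirect to known hosts.
    Raises ValueError instead of emitting a header for anything suspicious."""
    if _LINE_BREAK.search(location) or _LINE_BREAK.search(unquote(location)):
        raise ValueError("line break in header value")
    parts = urlsplit(location)
    if parts.scheme != "https" or parts.hostname not in allowed_hosts:
        raise ValueError("redirect target not on the allow-list")
    return f"Location: {location}\r\n"


def header_line_count(raw_headers: str) -> int:
    """Number of non-empty header lines in a raw header string; a second line
    appearing from a single value is the tell-tale sign of header injection."""
    return sum(1 for line in raw_headers.split("\r\n") if line)


def is_rejected(location: str, allowed_hosts: frozenset) -> bool:
    """Convenience wrapper: True when the hardened builder refuses the value."""
    try:
        build_redirect_header(location, allowed_hosts)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs; the host name is a placeholder, not a real one.
    hosts = frozenset({"vpn.example.test"})
    benign = "https://vpn.example.test/+CSCOE+/logon.html"
    injected = "https://vpn.example.test/x\r\nSet-Cookie: session=attacker"
    encoded = "https://vpn.example.test/x%0d%0aSet-Cookie: session=attacker"

    print("unsafe, benign   ->", header_line_count(build_redirect_header_unsafe(benign)), "header line(s)")
    print("unsafe, injected ->", header_line_count(build_redirect_header_unsafe(injected)), "header line(s)")
    for value in (benign, injected, encoded):
        print("hardened rejects", repr(value[:40]), "->", is_rejected(value, hosts))
```

The percent-decoded check matters because a proxy or application framework downstream may decode `%0d%0a` before the value is written out; validating only the raw string leaves that path open. Rejecting rather than stripping keeps the failure visible in logs, which is what a detection team wants to see.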
The vulnerability impacts Secure Client for Windows, Linux, and macOS, and has been addressed in the following versions –
- Earlier than 4.10.04065 (not vulnerable)
- 4.10.04065 and later (fixed in 4.10.08025)
- 5.0 (migrate to a fixed release)
- 5.1 (fixed in 5.1.2.42)
Amazon security researcher Paulos Yibelo Mesfin has been credited with discovering and reporting the flaw, telling The Hacker News that the shortcoming allows attackers to access local internal networks when a target visits a website under their control.
Cisco has also published fixes for CVE-2024-20338 (CVSS score: 7.3), another high-severity flaw in Secure Client for Linux that could permit an authenticated, local attacker to elevate privileges on an affected device. It has been resolved in version 5.1.2.42.
“An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process,” it said. “A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.”