Cisco has launched patches to handle a high-severity security flaw impacting its Safe Shopper software program that may very well be exploited by a risk actor to open a VPN session with that of a focused person.
The networking tools firm described the vulnerability, tracked as CVE-2024-20337 (CVSS rating: 8.2), as permitting an unauthenticated, distant attacker to conduct a carriage return line feed (CRLF) injection assault in opposition to a person.
Arising on account of inadequate validation of user-supplied enter, a risk actor may leverage the flaw to trick a person into clicking on a specifically crafted hyperlink whereas establishing a VPN session.
“A profitable exploit may permit the attacker to execute arbitrary script code within the browser or entry delicate, browser-based data, together with a sound SAML token,” the corporate stated in an advisory.
“The attacker may then use the token to ascertain a distant entry VPN session with the privileges of the affected person. Particular person hosts and providers behind the VPN headend would nonetheless want extra credentials for profitable entry.”
The vulnerability impacts Safe Shopper for Home windows, Linux, and macOS, and has been addressed within the following variations –
- Sooner than 4.10.04065 (not susceptible)
- 4.10.04065 and later (mounted in 4.10.08025)
- 5.0 (migrate to a hard and fast launch)
- 5.1 (mounted in 5.1.2.42)
Amazon security researcher Paulos Yibelo Mesfin has been credited with discovering and reporting the flaw, telling The Hacker Information that the shortcoming permits attackers to entry native inner networks when a goal visits a web site beneath their management.
Cisco has additionally revealed fixes for CVE-2024-20338 (CVSS rating: 7.3), one other high-severity flaw in Safe Shopper for Linux that might allow an authenticated, native attacker to raise privileges on an affected gadget. It has been resolved in model 5.1.2.42.
“An attacker may exploit this vulnerability by copying a malicious library file to a selected listing within the filesystem and persuading an administrator to restart a selected course of,” it stated. “A profitable exploit may permit the attacker to execute arbitrary code on an affected gadget with root privileges.”
