CVE-2024-20337

Severity Score

8.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.

Una vulnerabilidad en el proceso de autenticación SAML de Cisco Secure Client podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de inyección de avance de línea de retorno de carro (CRLF) contra un usuario. Esta vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario. Un atacante podría aprovechar esta vulnerabilidad persuadiendo a un usuario para que haga clic en un enlace manipulado mientras establece una sesión VPN. Un exploit exitoso podría permitir al atacante ejecutar código de script arbitrario en el navegador o acceder a información confidencial basada en el navegador, incluido un token SAML válido. Luego, el atacante podría usar el token para establecer una sesión VPN de acceso remoto con los privilegios del usuario afectado. Los hosts y servicios individuales detrás de la cabecera VPN aún necesitarían credenciales adicionales para un acceso exitoso.

*Credits: N/A

CVSS Scores

Ciscov3.1 8.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-11-08 CVE Reserved
2024-03-06 CVE Published
2024-03-07 EPSS Updated
2024-08-01 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')

CAPEC

References (1)

URL	Tag	Source
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.00086 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.00086"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.01095 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.01095"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.02028 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.02028"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.03047 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.03047"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.03049 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.03049"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.04043 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.04043"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.04053 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.04053"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.05042 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.05042"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.9.06037 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.9.06037"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.00093 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.00093"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.01075 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.01075"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.02086 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.02086"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.03104 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.03104"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.04065 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.04065"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.04071 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.04071"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.05085 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.05085"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.05095 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.05095"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.05111 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.05111"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.06079 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.06079"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.06090 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.06090"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.07061 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.07061"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.07062 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.07062"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				4.10.07073 Search vendor "Cisco" for product "Cisco Secure Client" and version "4.10.07073"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.00238 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.00238"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.00529 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.00529"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.00556 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.00556"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.01242 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.01242"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.02075 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.02075"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.03072 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.03072"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.03076 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.03076"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.04032 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.04032"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.0.05040 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.0.05040"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.1.0.136 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.1.0.136"		en		Affected
Cisco Search vendor "Cisco"		Cisco Secure Client Search vendor "Cisco" for product "Cisco Secure Client"				5.1.1.42 Search vendor "Cisco" for product "Cisco Secure Client" and version "5.1.1.42"		en		Affected