Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token.
“The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user,” Cisco says, but notes that “Individual hosts and services behind the VPN headend would still need additional credentials for successful access.”
The vulnerability affects specific Secure Client for Windows, macOS and Linux versions – if the VPN headend is configured with the SAML External Browser feature.
CVE-2024-20338, on the other hand, affects only Cisco Secure Client for Linux if it has the ISE Posture module installed; can only be exploited by an authenticated, local attacker; and could allow the attacker to execute arbitrary code on an affected device with root privileges.
This time around, Cisco has also patched several medium-severity vulnerabilities in Duo Authentication for Windows Logon and RDP and AppDynamics Controller, and warned about two flaws in Cisco Small Business 100, 300, and 500 Series wireless access points that could allow authenticated, remote attackers to execute arbitrary code as the root user.
“Customers are encouraged to migrate to the Cisco Business Access Point Series,” Cisco advises.
