A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Apple |
|
| Cisco |
|
| Linux |
|
| Microsoft |
|
Configuration 1 [-]
| AND |
|
No data.
References
History
Tue, 22 Jul 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apple
Apple macos Linux Linux linux Kernel Microsoft Microsoft windows |
|
| CPEs | cpe:2.3:a:cisco:secure_client:*:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Apple
Apple macos Linux Linux linux Kernel Microsoft Microsoft windows |
MITRE
Status: PUBLISHED
Assigner: cisco
Published:
Updated: 2024-08-01T21:59:42.871Z
Reserved: 2023-11-08T15:08:07.642Z
Link: CVE-2024-20337
Vulnrichment
Updated: 2024-08-01T21:59:42.871Z
NVD
Status : Analyzed
Published: 2024-03-06T17:15:09.580
Modified: 2025-07-22T18:00:37.350
Link: CVE-2024-20337
Redhat
No data.