Unauth CRLF injection in Cisco Secure Client SAML
CVE-2024-20337 Published on March 6, 2024

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.

NVD

Vulnerability Analysis

CVE-2024-20337 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

What is a CRLF Injection Vulnerability?

The software uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

CVE-2024-20337 has been classified to as a CRLF Injection vulnerability or weakness.

Products Associated with CVE-2024-20337

Want to know whenever a new CVE is published for Cisco Secure Client? stack.watch will email you.

Cisco Secure Client

Affected Versions

Cisco Secure Client:

Version 4.9.00086 is affected.
Version 4.9.01095 is affected.
Version 4.9.02028 is affected.
Version 4.9.03047 is affected.
Version 4.9.03049 is affected.
Version 4.9.04043 is affected.
Version 4.9.04053 is affected.
Version 4.9.05042 is affected.
Version 4.9.06037 is affected.
Version 4.10.00093 is affected.
Version 4.10.01075 is affected.
Version 4.10.02086 is affected.
Version 4.10.03104 is affected.
Version 4.10.04065 is affected.
Version 4.10.04071 is affected.
Version 4.10.05085 is affected.
Version 4.10.05095 is affected.
Version 4.10.05111 is affected.
Version 4.10.06079 is affected.
Version 4.10.06090 is affected.
Version 4.10.07061 is affected.
Version 4.10.07062 is affected.
Version 4.10.07073 is affected.
Version 5.0.00238 is affected.
Version 5.0.00529 is affected.
Version 5.0.00556 is affected.
Version 5.0.01242 is affected.
Version 5.0.02075 is affected.
Version 5.0.03072 is affected.
Version 5.0.03076 is affected.
Version 5.0.04032 is affected.
Version 5.0.05040 is affected.
Version 5.1.0.136 is affected.
Version 5.1.1.42 is affected.

cisco secure_client:

Version 4.10.00093 is affected.
Version 4.10.01075 is affected.
Version 4.10.02086 is affected.
Version 4.10.03104 is affected.
Version 4.10.04065 is affected.
Version 4.10.04071 is affected.
Version 4.10.05085 is affected.
Version 4.10.05095 is affected.
Version 4.10.05111 is affected.
Version 4.10.06079 is affected.
Version 4.10.06090 is affected.
Version 4.10.07061 is affected.
Version 4.10.07062 is affected.
Version 4.10.07073 is affected.
Version 4.9.00086 is affected.
Version 4.9.01095 is affected.
Version 4.9.02028 is affected.
Version 4.9.03047 is affected.
Version 4.9.03049 is affected.
Version 4.9.04043 is affected.
Version 4.9.04053 is affected.
Version 4.9.05042 is affected.
Version 4.9.06037 is affected.
Version 5.0.00238 is affected.
Version 5.0.00529 is affected.
Version 5.0.00556 is affected.
Version 5.0.01242 is affected.
Version 5.0.02075 is affected.
Version 5.0.03072 is affected.
Version 5.0.03076 is affected.
Version 5.0.04032 is affected.
Version 5.1.0.136 is affected.
Version 5.1.1.42 is affected.

Exploit Probability

EPSS

4.95%

Percentile

89.45%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.