CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20337

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.066

EPSS Ranking 90.8%

CVSS Severity

CVSS v3 Score 8.2

References

Products affected by CVE-2024-20337

Cisco » Secure Client » Version: 4.10.04065

cpe:2.3:a:cisco:secure_client:4.10.04065
Cisco » Secure Client » Version: 4.10.04071

cpe:2.3:a:cisco:secure_client:4.10.04071
Cisco » Secure Client » Version: 4.10.05085

cpe:2.3:a:cisco:secure_client:4.10.05085
Cisco » Secure Client » Version: 4.10.05095

cpe:2.3:a:cisco:secure_client:4.10.05095
Cisco » Secure Client » Version: 4.10.05111

cpe:2.3:a:cisco:secure_client:4.10.05111
Cisco » Secure Client » Version: 4.10.06079

cpe:2.3:a:cisco:secure_client:4.10.06079
Cisco » Secure Client » Version: 4.10.06090

cpe:2.3:a:cisco:secure_client:4.10.06090
Cisco » Secure Client » Version: 4.10.07061

cpe:2.3:a:cisco:secure_client:4.10.07061
Cisco » Secure Client » Version: 4.10.07062

cpe:2.3:a:cisco:secure_client:4.10.07062
Cisco » Secure Client » Version: 4.10.07073

cpe:2.3:a:cisco:secure_client:4.10.07073
Cisco » Secure Client » Version: 5.0.00529

cpe:2.3:a:cisco:secure_client:5.0.00529
Cisco » Secure Client » Version: 5.0.00556

cpe:2.3:a:cisco:secure_client:5.0.00556
Cisco » Secure Client » Version: 5.0.01242

cpe:2.3:a:cisco:secure_client:5.0.01242
Cisco » Secure Client » Version: 5.0.02075

cpe:2.3:a:cisco:secure_client:5.0.02075
Cisco » Secure Client » Version: 5.0.03072

cpe:2.3:a:cisco:secure_client:5.0.03072
Cisco » Secure Client » Version: 5.0.03076

cpe:2.3:a:cisco:secure_client:5.0.03076
Cisco » Secure Client » Version: 5.0.04032

cpe:2.3:a:cisco:secure_client:5.0.04032
Cisco » Secure Client » Version: 5.0.05040

cpe:2.3:a:cisco:secure_client:5.0.05040
Cisco » Secure Client » Version: 5.1.0.136

cpe:2.3:a:cisco:secure_client:5.1.0.136
Cisco » Secure Client » Version: 5.1.1.42

cpe:2.3:a:cisco:secure_client:5.1.1.42
Apple » Macos » Version: N/A

cpe:2.3:o:apple:macos:-
Linux » Linux Kernel » Version: N/A

cpe:2.3:o:linux:linux_kernel:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-20337

Products

Pricing

Contact Us