FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

Exploit
CVE-2024-20337

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)

Published: Mar 6, 2024 / Updated: 8mo ago

010
CVSS 8.2EPSS 0.04%High
CVE info copied to clipboard

A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Timeline

CVE Assignment

NVD published the first details for CVE-2024-20337

Mar 6, 2024 at 9:15 AM
First Article

Feedly found the first article mentioning CVE-2024-20337. See article

Mar 6, 2024 at 4:56 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Mar 6, 2024 at 4:56 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 7.1%)

Mar 7, 2024 at 3:04 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379485)

Mar 8, 2024 at 12:00 AM
Trending

This CVE started to trend in security discussions

Mar 8, 2024 at 3:42 PM
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Mar 10, 2024 at 6:10 AM
CVSS

A CVSS base score of 0 has been assigned.

Mar 10, 2024 at 1:10 PM / nvd
Static CVE Timeline Graph

Affected Systems

Cisco/secure_client
+null more

Exploits

https://github.com/swagcraftedd/CVE-2024-20337-POC
+null more

Attack Patterns

CAPEC-15: Command Delimiters
+null more

References

Rewterz Threat Advisory – Multiple Cisco Products Vulnerabilities
Rewterz / 8mo
Cisco Small Business 100, 300, and 500 Series Wireless Access Points could allow a remote authenticated attacker to execute arbitrary command on the system, caused by insufficient validation of user-supplied input. Cisco Secure Client could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input.

News

1.749
FortiGuard Labs | End Point Vulnerability Updates ( Windows ) / 49d
Newly Added (2) OpenSSL CVE-2024-5535 Information Disclosure Vulnerability Cisco Secure Client CVE-2024-20337 CRLF Injection Vulnerability Modified (11) TeamViewer CVE-2018-16550 Vulnerability TeamViewer CVE-2018-14333 Information Disclosure Vulnerability TeamViewer CVE-2019-11769 Information Disclosure Vulnerability TeamViewer CVE-2019-19362 Information Disclosure Vulnerability TeamViewer CVE-2019-18196 Untrusted Search Path Vulnerability TeamViewer CVE-2019-18988 Weak Password Requirements Vulnerability TeamViewer CVE-2020-13699 Argument Injection Vulnerability TeamViewer CVE-2021-34803 Privilege Escalation Vulnerability TeamViewer CVE-2021-34859 Buffer Overflow Vulnerability TeamViewer CVE-2021-35005 Validation Bypass Vulnerability TeamViewer CVE-2023-0837 Authorization Bypass Vulnerability
A vulnerability in the SAML authentication process of Cisco Secure Client cou...
CVE | THREATINT - UPDATED.RSS / 3mo
The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session.
Understanding CRLF Injection Attacks
I Programmer - full contents / 6mo
Recently an vulnerability was identified in the Cisco Secure Client that could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. Identified with the Cisco bug ID CSCwi37512 and the CVE identifier CVE-2024-20337, this security issue posed the risk of enabling a Client Carriage Return Line Feed (CRLF) injection attack via remote access without authentication.
You Should Update Apple iOS and Google Chrome ASAP
Feed: All Latest / 7mo
At the end of the month, Google issued seven security fixes, including a patch for a critical use-after-free flaw in ANGLE tracked as CVE-2024-2883 . Microsoft’s March Patch Tuesday has fixed over 60 security vulnerabilities, including multiple issues that could allow an attacker to execute code remotely.
Cisco VPN Hijacking Flaw In Secure Client Software Patched - Security Boulevard
"Cisco" - Google News / 8mo
Given this, the Cisco VPN hijacking flaw, if exploited, would lead to threat actors gaining remote access, allowing them to expand the attack surface. The security research expert has been cited, stating that the VPN security vulnerability pair, if exploited, would allow threat actors to have access to local internal networks when the target user visits a website under their control.
See 86 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Changed
Confidentiality:High
Integrity:Low
Availability Impact:None

Categories

CVSS 8.2(18246)CWE-93(62)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial