Cisco recently released security advisories to tackle vulnerabilities in multiple products, focusing on Cisco Secure Client versions 4.10.04065 to versions prior to 4.10.08025, version 5.0, and versions 5.1 before 5.1.2.42. The advisories highlight a significant vulnerability in the SAML authentication process, which could empower an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This flaw results from insufficient validation of user-supplied input and, if successfully exploited, could allow attackers to execute arbitrary script code, compromising browser-based information and potentially enabling them to establish a remote access VPN session with the affected user’s privileges.
The affected products include Secure Client for Linux, macOS, and Windows, provided they are running a vulnerable release and configured with the SAML External Browser feature. Cisco has issued software updates to address the vulnerability, emphasizing that there are no workarounds available. The company encourages users and administrators to review the provided web links and promptly apply the necessary updates to mitigate the risk. Cisco has confirmed that certain products, including Secure Client AnyConnect for Android and AnyConnect for iOS, are not vulnerable. The advisory also provides details on how users can determine the VPN Headend Configuration to assess their systems’ vulnerability and mentions the absence of workarounds for this particular issue.
