Cisco Patches a High-Severity VPN Hijacking Bug in Secure Client


Cisco Patches a High-Severity VPN Hijacking Bug in Secure Client

Cisco, a leading networking equipment company, has recently patched a high-severity vulnerability in its Secure Client software. The vulnerability, tracked as CVE-2024-20337, has a CVSS (Common Vulnerability Scoring System) score of 8.2, indicating a high level of severity.

This vulnerability allows an unauthenticated, remote attacker to conduct what is known as a carriage return line feed (CRLF) injection attack against a user. In simple terms, a CRLF injection attack occurs when an attacker manages to insert special characters, specifically a carriage return (CR) and a line feed (LF), into an application. These characters are used to denote the end of a line in many computer systems.

The Impact of the vulnerability patched by Cisco.

The CVE-2024-20337 flaw allows bad actors to execute script code remotely and access data on browsers with SAML external browser configurations. These attacks can assist in changing content or pushing browsers to ignore legitimate content. The bug allows threat actors to target Secure Client users on Windows, Linux, and macOS systems.

The Patch released by Cisco.

On March 11, 2024, Cisco released patches fixing the high-severity flaws that made its Secure Client software susceptible to bad actors running VPN hijacking operations. The patches address vulnerabilities CVE-2024-20337 and another related vulnerability, CVE-2024-20338.

Cisco urged users to upgrade their Secure Client to the latest versions. The patches were introduced for Secure Client 4.10.04065, 4.10.08025, 5.0, and versions.

The Importance of Cybersecurity

This incident underscores the importance of vigilance and best practices in cybersecurity. Regular software updates, multi-factor authentication, caution in interacting with links, and the use of trusted networks are all crucial in maintaining security.


In conclusion, while the discovery of such a high-severity vulnerability is concerning, the prompt action by Cisco to release patches and urge users to update their software is a positive step towards mitigating the risk. This incident serves as a reminder of the ongoing challenges in cybersecurity and the importance of staying vigilant and up to date with software updates.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

Post Comment