Cisco, a leading networking and cybersecurity company, has recently identified two critical vulnerabilities in its products. These vulnerabilities pose potential risks to users and require immediate attention.

Vulnerability Details

First Vulnerability (CVE-2024-20337)

The first flaw stems from insufficient validation of user-supplied input. When establishing a VPN connection, an attacker can exploit this vulnerability by enticing a user to click on a malicious link. If successful, the attacker can execute arbitrary script code within the user’s browser. This poses a severe security risk.

Workaround: Cisco has promptly addressed this issue by releasing a software update. Users are strongly advised to apply the update to mitigate the risk.

Affected Products for CVE-2024-20337

The flaw impacts Cisco products running vulnerable versions of Cisco Secure Client. Specifically, the following platforms are affected:

• Secure Client for Linux
• Secure Client for macOS
• Secure Client for Windows

Second Vulnerability (CVE-2024-20338)

The second vulnerability arises from an unregulated element in the search path. An attacker can exploit this flaw by placing a malicious library file in a designated directory within the filesystem. Subsequently, the attacker convinces an administrator to restart a specific process, leading to a potential compromise.

Workaround: Cisco has proactively addressed this vulnerability by releasing a software update. Users should promptly apply the update to safeguard their systems.

Affected Products for CVE-2024-20338

This vulnerability impacts Cisco devices operating on exposed versions of Cisco Secure Client for Linux, particularly those with the ISE Posture module installed.

Cisco users are strongly urged to review their systems for these vulnerabilities and apply the necessary updates. By promptly addressing these issues, organizations can enhance their security posture and protect against potential threats.