Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user,” Cisco says, but notes that “individual hosts and services behind the VPN headend would still need additional credentials for … More →

The post …

access access point attacker attackers authentication authentication token cisco cisco patches cisco secure client cve don't miss endpoint endpoint security enterprise exploited flaw grab high hot stuff patches remote access reveal saml security security update severity smbs solution token tokens unauthenticated valid vpn vulnerabilities vulnerability