{"vulnerability": "CVE-2024-20337", "sightings": [{"uuid": "09d998cf-2d0c-4047-a092-5b0905617b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6771", "content": "GitHub monitoring alert!!! \n\nUpdated: CVE-2024\nDescription: CVE-2024-20337 POC Cisco Secure Client CRLF RCE and unauthorized remote access to VPN sessions\nURL: https://github.com/swagcraftedd/CVE-2024-20337-POC\n\nTags: #CVE-2024", "creation_timestamp": "2024-03-10T06:17:24.000000Z"}, 
{"uuid": "5809c553-c10c-42a3-9096-1661807ed29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ap_security/495", "content": "#itnews #infosec\n\nCisco has released a fix for a high-severity VPN hijacking bug in Secure Client\ud83c\udff4\u200d\u2620\ufe0f\n\nCisco has released patches to address a serious vulnerability in its Secure Client software that could be exploited by attackers to open a VPN session of a targeted user.\nThe networking equipment maker described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a CRLF attack\n\nArising from insufficient validation of user-supplied input, the flaw can be used by an attacker to trick a user into following a specially crafted link while establishing a VPN session", "creation_timestamp": "2024-03-09T10:21:33.000000Z"}, 
{"uuid": "add79f87-1eac-43b7-b728-90ba7a11de34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "Telegram/huaxANwb_3-GYLMpbOhauKE2iba1wUBKyxZrBJOnlk3UGg", "content": "", "creation_timestamp": "2024-03-08T13:17:00.000000Z"}, {"uuid": "a2a07608-a6a8-42d9-a991-fc633b51603e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/arpsyndicate/4151", "content": "#ExploitObserverAlert\n\nCVE-2024-20337\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20337. A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.   This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. 
A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-08T02:42:36.000000Z"}, {"uuid": "9a5d99a5-1f16-42f6-af0f-8dd99dfca6a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "Telegram/om41bhtexu6EH2VRF4O26t18r89Dj-HJSWZ2_e-In0v8Eg", "content": "", "creation_timestamp": "2024-03-08T09:54:04.000000Z"}, {"uuid": "7f82b8be-7adc-477c-b8ad-5df1a4b9a9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/KomunitiSiber/1606", "content": "Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client\nhttps://thehackernews.com/2024/03/cisco-issues-patch-for-high-severity.html\n\nCisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user.\nThe networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF", "creation_timestamp": "2024-03-08T10:07:09.000000Z"}, {"uuid": "65fc7a04-0a48-4d0f-b8b6-376fc7136b36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ctinow/204263", 
"content": "https://ift.tt/KnhEojY\nCVE-2024-20337 Exploit", "creation_timestamp": "2024-03-10T14:16:42.000000Z"}, {"uuid": "aeeb373b-92c6-4ccb-a947-b2a259f6ba81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ctinow/203247", "content": "https://ift.tt/EhRZCnd\nCisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)", "creation_timestamp": "2024-03-08T12:21:34.000000Z"}, {"uuid": "3e0cdcfa-3f51-4ab4-9587-673e8cc82bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ctinow/201616", "content": "https://ift.tt/A5VckWr\nCVE-2024-20337", "creation_timestamp": "2024-03-06T18:26:41.000000Z"}, {"uuid": "716830e4-a1bf-4889-af33-8b2b2566d899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/thehackernews/4657", "content": "\ud83d\udea8 Cisco issued patches for a high-severity flaw (CVE-2024-20337) in Secure Client software on Windows, Linux, and macOS. Attackers could hijack VPN sessions. \n \nCheck and update now: https://thehackernews.com/2024/03/cisco-issues-patch-for-high-severity.html", "creation_timestamp": "2024-03-08T10:07:10.000000Z"}]}