Numerous vulnerabilities across multiple Cisco offerings have been resolved as part of newly issued patches, SecurityWeek reports.
Included in the addressed flaws were a pair of high-severity bugs impacting Cisco's Secure Client enterprise VPN app, with CVE-2024-20337 potentially exploitable to cause carriage return line feed injection attacks against Windows, macOS, and Linux versions of the app that have the SAML External Browser feature activated in the VPN headend. On the other hand, only Secure Client for Linux is impacted by CVE-2024-20338, which could be exploited to prompt arbitrary code execution in devices with root privileges, according to Cisco. Additional fixes have also been released to address medium-severity data exposure and secondary authentication bypass flaws impacting AppDynamics Controller and Duo Authentication for Windows Logon and RDP. However, Cisco will no longer remediate two medium-severity flaws affecting end-of-life Small Business Access Point offerings. None of the resolved and ignored flaws were observed to be actively exploited.
