Cisco AppDynamics, Duo Authentication, Secure Client, Secure Client for Linux and small business wireless access points are vulnerable. Security patches are available for download.
Advertisement
Root gap
Secure Client for Linux has a vulnerability (CVE-2024-20338 “high“) vulnerable in the ISE Posture module. The flaw allows attackers to push a library contaminated with malicious code into the file system and execute their own code. If that works, he will end up with root rights and can compromise systems. Cisco states that the Issue 5.1.2.42 is repaired.
In addition, the Secure Client editions for Linux, macOS and Windows have another vulnerability (CVE-2024-20337 “high“) attackable. At this point, checking user input is inaccurate. If an attacker clicks on a link prepared by an attacker, a valid SAML token can be leaked and enable unauthorized access.
The developers state that editions before 4.10.04065 are not vulnerable. In the Versions 10/4/08025 and 5.1.2.42 Security patches have been included.
More security vulnerabilities
In addition, secured versions for Small Business 100, 300 and 500 Wireless Access Points, Duo Authentication and App Dynamics have been released. This is where attackers can, among other things, launch malicious code attacks. The vulnerabilities are with the threat level “medium“classified. Further information about threatened and secured versions can be found in the linked warning messages.
List sorted in descending order by threat level:
(of)