Cisco Releases Security Advisories for Multiple Products - 20240308001¶
Overview¶
Cisco released security updates to address vulnerabilities in Cisco Secure Client and Secure Client for Linux. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.
What is vulnerable?¶
| Product(s) Affected | Version | CVE | Severity | CVSS |
|---|---|---|---|---|
| Cisco Secure Client | before 4.10.04065 after 4.10.04065 to 4.10.08025, 5.0, 5.1 |
CVE-2024-20337 | High | 8.2 |
| Cisco Secure Client for Linux | before 5.1.2.42 |
CVE-2024-20338 | High | 7.3 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):
- CISA Alerts
- Cisco Secure Client Carriage Return Line Feed Injection Vulnerability
- Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability