Cisco Patches High-Severity Vulnerabilities in VPN Product

March 7, 2024 at 09:34AM

Cisco announced patches for two high-severity vulnerabilities in its Secure Client VPN application, impacting Linux, macOS, and Windows versions. The first issue, tracked as CVE-2024-20337, could be exploited remotely without authentication, while the second bug, tracked as CVE-2024-20338, affects only Secure Client for Linux and requires authentication. Cisco also addressed multiple medium-severity flaws in other products.

The key takeaways are:

– Cisco announced patches for two high-severity vulnerabilities in Secure Client, impacting Linux, macOS, and Windows versions. The first vulnerability, CVE-2024-20337, could be exploited remotely without authentication. The second vulnerability, CVE-2024-20338, affects only Secure Client for Linux and requires authentication for successful exploitation.
– The vulnerabilities in Secure Client were addressed with the release of Secure Client versions 4.10.08025 and 5.1.2.42. Version 5.0 does not have any patches available.
– Cisco also announced patches for multiple medium-severity flaws in AppDynamics Controller and Duo Authentication for Windows Logon and RDP.
– Two medium-severity defects in Small Business 100, 300, and 500 APs will remain unpatched as those products have reached end-of-life status.
– Cisco confirmed that it is not aware of any of these vulnerabilities being exploited in the wild. More information can be found on Cisco’s security advisories page.

Additionally, Cisco has recently addressed other critical vulnerabilities in various products, as mentioned in the related articles.
