{"uuid": "a2a07608-a6a8-42d9-a991-fc633b51603e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/arpsyndicate/4151", "content": "#ExploitObserverAlert\n\nCVE-2024-20337\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20337. A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-08T02:42:36.000000Z"}