{"vulnerability": "cve-2024-2033", "sightings": [{"uuid": "5809c553-c10c-42a3-9096-1661807ed29a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ap_security/495", "content": "#itnews #infosec\n\nCisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0432\u044b\u0441\u043e\u043a\u043e \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043e\u0448\u0438\u0431\u043a\u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0430 VPN \u0432 Secure Client\ud83c\udff4\u200d\u2620\ufe0f\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Cisco \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u043c \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u0438 Secure Client, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0434\u043b\u044f \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u044f VPN-\u0441\u0435\u0441\u0441\u0438\u0438 \u0446\u0435\u043b\u0435\u0432\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f-\u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u043f\u0438\u0441\u0430\u043b\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0434 \u043a\u043e\u0434\u043e\u0432\u044b\u043c \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c CVE-2024-20337 (CVSS score: 8.2), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443 CRLF\n\n\u0412\u043e\u0437\u043d\u0438\u043a\u0430\u044f \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c \u0434\u0430\u043d\u043d\u044b\u0445, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u043e\u0442 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u043a, \u0447\u0442\u043e\u0431\u044b \u043e\u0431\u043c\u0430\u043d\u043e\u043c \u0437\u0430\u0441\u0442\u0430\u0432\u0438\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043f\u043e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u0441\u0441\u044b\u043b\u043a\u0435 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f VPN-\u0441\u0435\u0441\u0441\u0438\u0438", "creation_timestamp": "2024-03-09T10:21:33.000000Z"}, {"uuid": "a3a3a4cc-39cd-4703-9b11-b91e2957653e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20336", "type": "seen", "source": "https://t.me/arpsyndicate/4150", "content": "#ExploitObserverAlert\n\nCVE-2024-20336\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20336. A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-08T02:38:47.000000Z"}, {"uuid": "9a5d99a5-1f16-42f6-af0f-8dd99dfca6a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "Telegram/om41bhtexu6EH2VRF4O26t18r89Dj-HJSWZ2_e-In0v8Eg", "content": "", "creation_timestamp": "2024-03-08T09:54:04.000000Z"}, {"uuid": "7f82b8be-7adc-477c-b8ad-5df1a4b9a9e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/KomunitiSiber/1606", "content": "Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client\nhttps://thehackernews.com/2024/03/cisco-issues-patch-for-high-severity.html\n\nCisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user.\nThe networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF", "creation_timestamp": "2024-03-08T10:07:09.000000Z"}, {"uuid": "2d48afe0-724d-437c-bc7f-27e8854f4c4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20336", "type": "seen", "source": "https://t.me/ctinow/201615", "content": "https://ift.tt/msNgMnT\nCVE-2024-20336", "creation_timestamp": "2024-03-06T18:26:40.000000Z"}, {"uuid": "09d998cf-2d0c-4047-a092-5b0905617b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/6771", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aCVE-2024-20337 POC Cisco Secure Client CRLF RCE and unauthorized remote access to VPN sessions\nURL\uff1ahttps://github.com/swagcraftedd/CVE-2024-20337-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-03-10T06:17:24.000000Z"}, {"uuid": "65fc7a04-0a48-4d0f-b8b6-376fc7136b36", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ctinow/204263", "content": "https://ift.tt/KnhEojY\nCVE-2024-20337 Exploit", "creation_timestamp": "2024-03-10T14:16:42.000000Z"}, {"uuid": "aeeb373b-92c6-4ccb-a947-b2a259f6ba81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ctinow/203247", "content": "https://ift.tt/EhRZCnd\nCisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)", "creation_timestamp": "2024-03-08T12:21:34.000000Z"}, {"uuid": "122a3845-ba37-4e92-a44a-2577b06fc6f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20338", "type": "seen", "source": "https://t.me/ctinow/201617", "content": "https://ift.tt/CF2kryK\nCVE-2024-20338", "creation_timestamp": "2024-03-06T18:26:42.000000Z"}, {"uuid": "3e0cdcfa-3f51-4ab4-9587-673e8cc82bd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/ctinow/201616", "content": "https://ift.tt/A5VckWr\nCVE-2024-20337", "creation_timestamp": "2024-03-06T18:26:41.000000Z"}, {"uuid": "716830e4-a1bf-4889-af33-8b2b2566d899", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/thehackernews/4657", "content": "\ud83d\udea8 Cisco issued patches for a high-severity flaw (CVE-2024-20337) in Secure Client software on Windows, Linux, and macOS. Attackers could hijack VPN sessions. \n \nCheck and update now: https://thehackernews.com/2024/03/cisco-issues-patch-for-high-severity.html", "creation_timestamp": "2024-03-08T10:07:10.000000Z"}, {"uuid": "46cab88a-8402-441c-b252-cc524914e760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20331", "type": "seen", "source": "https://t.me/cvedetector/8734", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20331 - Cisco ASA and FTD Remote Access SSL VPN Session Authentication Handle Overflow\", \n  \"Content\": \"CVE ID : CVE-2024-20331 \nPublished : Oct. 23, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating.  \n  \nThis vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T19:54:35.000000Z"}, {"uuid": "818830a7-3a00-4830-b2fd-e23dc9e27d71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20330", "type": "seen", "source": "https://t.me/cvedetector/8733", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20330 - \"Cisco Firepower 2100 Series Appliances Snort Detection Engine Memory Corruption Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-20330 \nPublished : Oct. 23, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : A vulnerability in the Snort 2 and Snort 3 TCP and UDP detection engine of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause memory corruption, which could cause the Snort detection engine to restart unexpectedly.  \n  \nThis vulnerability is due to improper memory management when the Snort detection engine processes specific TCP or UDP packets. An attacker could exploit this vulnerability by sending crafted TCP or UDP packets through a device that is inspecting traffic using the Snort detection engine. A successful exploit could allow the attacker to restart the Snort detection engine repeatedly, which could cause a denial of service (DoS) condition. The DoS condition impacts only the traffic through the device that is examined by the Snort detection engine. The device can still be managed over the network.  \nNote: Once a memory block is corrupted, it cannot be cleared until the Cisco Firepower 2100 Series Appliance is manually reloaded. This means that the Snort detection engine could crash repeatedly, causing traffic that is processed by the Snort detection engine to be dropped until the device is manually reloaded. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T19:54:34.000000Z"}, {"uuid": "4358a5f9-bd53-4d60-9b21-009be2ba889a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20339", "type": "seen", "source": "https://t.me/cvedetector/8726", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-20339 - Cisco Firepower FTD TLS Denial of Service Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-20339 \nPublished : Oct. 23, 2024, 5:15 p.m. | 33\u00a0minutes ago \nDescription : A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.  \n  \nThis vulnerability is due to an issue that occurs when TLS traffic is processed. An attacker could exploit this vulnerability by sending certain TLS traffic over IPv4 through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition and impacting traffic to and through the affected device. \nSeverity: 8.6 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-23T19:54:22.000000Z"}, {"uuid": "add79f87-1eac-43b7-b728-90ba7a11de34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "Telegram/huaxANwb_3-GYLMpbOhauKE2iba1wUBKyxZrBJOnlk3UGg", "content": "", "creation_timestamp": "2024-03-08T13:17:00.000000Z"}, {"uuid": "a712b3e7-698c-4a91-8e1d-2efb6e50705d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20338", "type": "seen", "source": "https://t.me/arpsyndicate/4135", "content": "#ExploitObserverAlert\n\nCVE-2024-20338\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20338. A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.  This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-08T01:22:05.000000Z"}, {"uuid": "a2a07608-a6a8-42d9-a991-fc633b51603e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20337", "type": "seen", "source": "https://t.me/arpsyndicate/4151", "content": "#ExploitObserverAlert\n\nCVE-2024-20337\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20337. A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user.   This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-08T02:42:36.000000Z"}, {"uuid": "7242eb72-00f1-418c-b97f-01c4295bd8b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-20335", "type": "seen", "source": "https://t.me/arpsyndicate/4133", "content": "#ExploitObserverAlert\n\nCVE-2024-20335\n\nDESCRIPTION: Exploit Observer has 3 entries in 1 file formats related to CVE-2024-20335. A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-03-08T01:11:38.000000Z"}]}