Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user,” Cisco says, but notes that “individual hosts and services behind the VPN headend would still need additional credentials for …

The post Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) appeared first on Help Net Security.