Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1979
Views
0
Helpful
3
Replies

Cisco Secure CVE-2024-20337

Bali O
Level 1
Level 1

‎03-12-2024 08:44 AM

Hello 

About the vulnerability CVE-2024-20337, where cisco recommends upgrading to 5.1.2.42 to fix the vulnerability, but does this also apply to "Sucure Client UI"? Where I'm only have 5.1.0.1047 version- if so, where can I find the latest version for this?

While we are running with the latest on "AnyConnect VPN" 5.1.2.42.

Cisco Secure Client Carriage Return Line Feed Injection Vulnerability

BaliO_2-1710257943027.png

Our Secure Client version:

BaliO_1-1710257900638.png

 

Labels:
0 Helpful
3 Replies 3

stsargen
Cisco Employee
Cisco Employee

‎03-12-2024 09:59 AM

Hi,

5.1.0.1047 is the latest version of the AnyConnect UI available today.  The "Secure Client UI" version may not match the version of Secure Client that you install as it has been de-coupled from the version lock requirements.

0 Helpful

Bali O
Level 1
Level 1

‎03-13-2024 01:16 AM

With the version I have, I am covered for the vulnerability CVE-2024-20337 ?

When they write it must be Secure Client which must be on 5.1.2.42

Or should Secure Client be interpreted as Anyconnect VPN

0 Helpful

stsargen
Cisco Employee
Cisco Employee
In response to Bali O

‎03-13-2024 05:24 AM

Yes you are covered by the vulnerability.  The version refers to the package you download from CCO, not any of the specific modules contained in it.

0 Helpful
Customers Also Viewed These Support Documents