03-12-2024 08:44 AM
Hello
About the vulnerability CVE-2024-20337, where cisco recommends upgrading to 5.1.2.42 to fix the vulnerability, but does this also apply to "Sucure Client UI"? Where I'm only have 5.1.0.1047 version- if so, where can I find the latest version for this?
While we are running with the latest on "AnyConnect VPN" 5.1.2.42.
Cisco Secure Client Carriage Return Line Feed Injection Vulnerability
Our Secure Client version:
03-12-2024 09:59 AM
Hi,
5.1.0.1047 is the latest version of the AnyConnect UI available today. The "Secure Client UI" version may not match the version of Secure Client that you install as it has been de-coupled from the version lock requirements.
03-13-2024 01:16 AM
With the version I have, I am covered for the vulnerability CVE-2024-20337 ?
When they write it must be Secure Client which must be on 5.1.2.42
Or should Secure Client be interpreted as Anyconnect VPN
03-13-2024 05:24 AM
Yes you are covered by the vulnerability. The version refers to the package you download from CCO, not any of the specific modules contained in it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide