On June 1st 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.
For a description of this vulnerability, see lasso.git NEWS.
Cisco is investigating its product line to determine which products may be affected by this vulnerability and the impact on each affected product. As the investigation progresses, Cisco will update this advisory with information about affected products.
This has been assigned CVE number – CVE-2021-28091