Lasso SAML Implementation Vulnerability Affecting Cisco Products
On June 1st 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.
For a description of this vulnerability, see lasso.git NEWS.
Cisco is investigating its product line to determine which products may be affected by this vulnerability and the impact on each affected product. As the investigation progresses, Cisco will update this advisory with information about affected products.
This has been assigned CVE number – CVE-2021-28091
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.