Security News > 2021 > June > Vulnerability in Lasso Library Impacts Products From Cisco, Akamai

Vulnerability in Lasso Library Impacts Products From Cisco, Akamai
2021-06-02 12:06

A high-severity vulnerability discovered recently in an open source library named Lasso has been found to impact products from Cisco and Akamai, as well as Linux distributions.

The vulnerability, tracked as CVE-2021-28091, was initially reported to Akamai as it was discovered in the company's Enterprise Application Access product, which uses Lasso to verify SAML assertions for applications when a customer configures SAML authentication with third-party identity providers.

Further analysis by Akamai showed that the flaw, which allows an attacker to impersonate valid users, was introduced by the use of Lasso and products from other vendors are affected as well.

Akamai determined that the vulnerability also impacts the SOGo and PacketFence packages maintained by Inverse, which Akamai acquired recently.

Cisco has also confirmed the use of the Lasso library and the networking giant is working on determining which of its products are impacted.

Lasso developers patched the vulnerability on June 1 with the release of version 2.7.0.


News URL

http://feedproxy.google.com/~r/securityweek/~3/wpgsUHfh-Sg/vulnerability-lasso-library-impacts-products-cisco-akamai

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-06-04 CVE-2021-28091 Improper Verification of Cryptographic Signature vulnerability in multiple products
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
network
low complexity
entrouvert debian fedoraproject CWE-347
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 4479 238 3131 1866 616 5851