Lasso SAML Implementation Vulnerability Affecting Cisco Products: June 2021

On June 1, 2021, Lasso disclosed a security vulnerability in the Lasso Security Assertion Markup Language (SAML) Single Sign-On (SSO) library. This vulnerability could allow an authenticated attacker to impersonate another authorized user when interacting with an application.

For a description of this vulnerability, see lasso.git NEWS.

This advisory will be updated as additional information becomes available.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lasso-saml-jun2021-DOXNRLkD

Security Impact Rating: High

CVE: CVE-2021-28091

Source:: Cisco Security Advisories