PoC Exploit Published for Cisco AnyConnect Secure Vulnerability
Proof-of-concept exploit code has been released for a high-severity vulnerability in AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows. Users who have yet to apply the patch should do so immediately to prevent exploitation. Unpatched flaws in Cisco Secure Client Software have been targeted by malicious actors in the past.
Cisco Secure Client Software is a remote access solution that allows employees to connect to the network from any location via a Virtual Private Network and is used by IT admins for endpoint management. The vulnerability is tracked as CVE-2023-20178 and has a CVSS base score of 7.8.
The vulnerability affects the client update process and can be exploited by an authenticated, local attacker to elevate privileges to SYSTEM level. The vulnerability is due to improper permissions on a temporary directory created during the update process and can be exploited by abusing a specific function of the Windows installer process. An attack exploiting the vulnerability has low complexity and requires no user interaction. The vulnerability was discovered by security researcher Filip Dragovic, who reported the flaw to Cisco. He recently published the PoC exploit after successfully testing it on Secure Client version 5.0.01242 and AnyConnect Secure Mobility Client version 4.10.06079.
Cisco says there are no workarounds and patching is the only way to fix the vulnerability and prevent exploitation. A patch to fix the flaw was released on June 13, 2023, and, at the time of release, there had been no detected instances of exploitation. The flaw has been corrected in AnyConnect Secure Mobility Client for Windows 4.10MR7 and Cisco Secure Client for Windows 5.0MR2.


