A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.
An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
The vulnerability, which was classified as critical, affects Cisco AnyConnect Secure Mobility Client and Secure Client Software on Windows (Network Encryption Software) (unknown version). Confidentiality, integrity, and availability are impacted.
Cisco released a patch for a high-severity flaw that was plaguing its Cisco Secure Client. The flaw, tracked as CVE-2023-20178, allowed threat actors to elevate account privileges and tamper with the system at the admin level. No interaction on the victim’s side was necessary.
"This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the upgrade process," Cisco said in its security advisory published with the patch. Cisco Secure Client is a VPN/ZTNA solution that enables remote working opportunities for employees, and endpoint management and telemetry features for administrators.