Security News > 2020 > November > Cisco discloses AnyConnect VPN zero-day, exploit code available

Cisco discloses AnyConnect VPN zero-day, exploit code available
2020-11-04 12:22

Cisco has disclosed today a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software with proof-of-concept exploit code publicly available.

While security updates are not yet available for this arbitrary code execution vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release.

The Cisco AnyConnect Secure Mobility Client security flaw has not yet been exploited in the wild according to the Cisco Product Security Incident Response Team.

The high severity vulnerability tracked as CVE-2020-3556 exists in the interprocess communication channel of Cisco AnyConnect Client and it may allow authenticated and local attackers to execute malicious scripts via a targeted user.

Cisco today also fixed 11 other high severity and 23 medium severity security bugs in multiple products that could lead to denial of service or arbitrary code execution on vulnerable devices.


News URL

https://www.bleepingcomputer.com/news/security/cisco-discloses-anyconnect-vpn-zero-day-exploit-code-available/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-06 CVE-2020-3556 Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.9(3052)/98.145(86)
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.
local
low complexity
cisco
7.3
7.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751