Security News > 2022 > October > Cisco warns admins to patch AnyConnect flaw exploited in attacks

Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.
The AnyConnect Secure Mobility Client simplifies secure enterprise endpoint access and enables employees to work from anywhere while connected to a secure Virtual Private Network through Secure Sockets Layer and IPsec IKEv2.
The two security flaws enable local attackers to perform DLL hijacking attacks and copy files to system directories with system-level privileges.
They could be chained with Windows privilege escalation flaws, especially since proof-of-concept exploits are already available online for both CVEs [1, 2]. Today, two years after patching them in 2020, Cisco updated the security advisories to ask admins to update the vulnerable software and block ongoing attacks.
"In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild," the company warned.
Once added to CISA's list of bugs exploited in attacks, all Federal Civilian Executive Branch Agencies agencies are required by a binding operational directive from November 2021 to apply patches or mitigation measures.
News URL
Related news
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
- New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Cisco warns of CSLU backdoor admin account used in attacks (source)