Security News > 2022 > October > Cisco warns admins to patch AnyConnect flaw exploited in attacks
Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.
The AnyConnect Secure Mobility Client simplifies secure enterprise endpoint access and enables employees to work from anywhere while connected to a secure Virtual Private Network through Secure Sockets Layer and IPsec IKEv2.
The two security flaws enable local attackers to perform DLL hijacking attacks and copy files to system directories with system-level privileges.
They could be chained with Windows privilege escalation flaws, especially since proof-of-concept exploits are already available online for both CVEs [1, 2]. Today, two years after patching them in 2020, Cisco updated the security advisories to ask admins to update the vulnerable software and block ongoing attacks.
"In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild," the company warned.
Once added to CISA's list of bugs exploited in attacks, all Federal Civilian Executive Branch Agencies agencies are required by a binding operational directive from November 2021 to apply patches or mitigation measures.