
Cisco AnyConnect Windows client under active attack
2022-10-26 20:31

Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers.

One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code with SYSTEM-level privileges.

Cisco first alerted customers about this bug in August 2020, and previously warned that proof-of-concept exploit code was publicly available.

"In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."

The second Cisco vulnerability, tracked as CVE-2020-3153, is in the installer component of the AnyConnect Secure Mobility Client for Windows, and it also requires a logged-in user or malware on a system to exploit.

A day before the vendor released its own security update, the US Cybersecurity and Infrastructure Agency added both of the Cisco AnyConnect Secure Mobility Client for Windows bugs to its Known Exploited Vulnerabilities Catalog.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/10/26/cisco_vpn_bugs_exploited/

Related Vulnerability

DATE: 2020-08-17
CVE: CVE-2020-3433
VULNERABILITY TITLE: Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.
RISK: 7.8 (local, low complexity; cisco; CWE-427)

DATE: 2020-02-19
CVE: CVE-2020-3153
VULNERABILITY TITLE: Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client 4.8.00175/4.8.01090
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges.
RISK: 6.5 (local, low complexity; cisco; CWE-427)

Related vendor

VENDOR: Cisco
#/PRODUCTS: 2046
LOW: 21
MEDIUM: 1773
HIGH: 1669
CRITICAL: 288
TOTAL VULNS: 3751