Security News > 2022 > October > Cisco AnyConnect Windows client under active attack
Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers.
One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code with SYSTEM-level privileges.
Cisco first alerted customers about this bug in August 2020, and previously warned that proof-of-concept exploit code was publicly available.
"In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
The second Cisco vulnerability, tracked as CVE-2020-3153, is in the installer component of the AnyConnect Secure Mobility Client for Windows, and it also requires a logged-in user or malware on a system to exploit.
A day before the vendor released its own security update, the US Cybersecurity and Infrastructure Agency added both of the Cisco AnyConnect Secure Mobility Client for Windows bugs to its Known Exploited Vulnerabilities Catalog.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/10/26/cisco_vpn_bugs_exploited/
Related news
- Cisco warns of password-spraying attacks targeting VPN services (source)
- Critical Rust flaw enables Windows command injection attacks (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks (source)
- Cisco warns of large-scale brute-force attacks against VPN services (source)
- Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack (source)
- Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-17 | CVE-2020-3433 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. | 7.8 |
| 2020-02-19 | CVE-2020-3153 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client 4.8.00175/4.8.01090 A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. | 4.9 |