Cisco fixes AnyConnect bug giving Windows SYSTEM privileges
2023-06-07 18:29

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client software that can let attackers escalate privileges to the SYSTEM account used by the operating system.

"An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process."

The company's Product Security Incident Response Team is yet to find any evidence of malicious use in the wild or public exploit code targeting the bug.

In October, Cisco warned customers to patch two other AnyConnect security flaws (with public exploit code and addressed three years ago) due to in-the-wild exploitation.

The bugs let threat actors execute arbitrary code on targeted Windows devices with SYSTEM privileges when chained with other privilege escalation flaws.

Two years ago, in May 2021, Cisco patched an AnyConnect zero-day with public exploit code. The fix came with a six-month delay: when the flaw was disclosed in November 2020, Cisco provided mitigation measures to decrease the attack surface.


News URL

https://www.bleepingcomputer.com/news/security/cisco-fixes-anyconnect-bug-giving-windows-system-privileges/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749