Cisco fixes AnyConnect bug giving Windows SYSTEM privileges
Cisco has fixed a high-severity vulnerability found in Cisco Secure Client software that can let attackers escalate privileges to the SYSTEM account used by the operating system.
"An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process."
The company's Product Security Incident Response Team is yet to find any evidence of malicious use in the wild or public exploit code targeting the bug.
In October, Cisco warned customers to patch two other AnyConnect security flaws (with public exploit code and addressed three years ago) due to in-the-wild exploitation.
The bugs let threat actors execute arbitrary code on targeted Windows devices with SYSTEM privileges when chained with other privilege escalation flaws.
Two years ago, in May 2021, Cisco patched an AnyConnect zero-day with public exploit code. The patch came with a six-month delay: when the flaw was disclosed in November 2020, Cisco provided mitigation measures to decrease the attack surface.