Security News > 2023 > June > PoC exploit released for Cisco AnyConnect, Secure Client vulnerability (CVE-2023-20178)

Proof-of-concept exploit code for the high-severity vulnerability in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published.
Cisco Secure Client Software - previously known as Cisco AnyConnect Secure Mobility Client - is unified endpoint security software designed to assist businesses in expanding their network access capabilities and enabling remote employees to connect via both wired and wireless connections, including VPN. In early June, Cisco published a security advisory about CVE-2023-20178, a vulnerability in the client update process of both Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows.
"This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges," the Cisco advisory revealed.
The vulnerability has been reported by security researcher Filip Dragović.
Since there are no workarounds, users have been advised to update the software as soon as possible, to either AnyConnect Secure Mobility Client for Windows 4.10MR7 or Cisco Secure Client Software for Windows 5.0MR2. The flaw does not affect Cisco AnyConnect Secure Mobility Client and Cisco Secure Client for Linux and macOS, nor Cisco Secure Client-AnyConnect for Android and iOS. CVE-2023-20178 PoC. On Thursday, Cisco confirmed that a PoC exploit has been published by the same researcher.
The vulnerability is easy to weaponize, but attackers must first gain access to the target system by other means to be able to exploit it and elevate their privileges.
News URL
https://www.helpnetsecurity.com/2023/06/23/cve-2023-20178-poc/
Related news
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices (source)
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
- Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan (source)
- PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-28 | CVE-2023-20178 | Incorrect Default Permissions vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Client A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. | 7.8 |