Security News

Proof-of-concept exploit code for the high-severity vulnerability in Cisco Secure Client Software for Windows and Cisco AnyConnect Secure Mobility Client Software for Windows has been published. Cisco Secure Client Software - previously known as Cisco AnyConnect Secure Mobility Client - is unified endpoint security software designed to assist businesses in expanding their network access capabilities and enabling remote employees to connect via both wired and wireless connections, including VPN. In early June, Cisco published a security advisory about CVE-2023-20178, a vulnerability in the client update process of both Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows.

Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows that can let attackers elevate privileges to SYSTEM. Cisco Secure Client helps employees to work from anywhere using a secure Virtual Private Network and provides network admins with telemetry and endpoint management features.Cisco released security updates to address this security bug last Tuesday when it said its Product Security Incident Response Team did not have evidence of malicious use or public exploit code targeting the bug in the wild.

Cisco has fixed a high-severity vulnerability found in Cisco Secure Client software that can let attackers escalate privileges to the SYSTEM account used by the operating system."An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process."