Cisco has fixed a highly severe flaw in its business VPN – so patch now

By Nick Heyman On Jun 8, 2023

Cisco released a patch for a high-severity flaw that was plaguing its Cisco Secure Client. The flaw, tracked as CVE-2023-20178, allowed threat actors elevate account privileges and tamper with the system on the admin level. No interaction on the victim’s side was necessary.

“This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the upgrade process,” Cisco said in its security advisory published with the patch. “An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process.”

Cisco Secure Client is a VPN/ZNTA solution that enables remote working opportunities for employees, and endpoint management and telemetry features for administrators.

Not abused (yet)

To remove the threat, users are advised to bring AnyConnect Secure Mobility Client for Windows to version 4.10MR7 and Cisco Secure Client for Windows to version 5.0MR2.

Not all versions of the product are vulnerable, though. For macOS and Linux, the Cisco Secure Client and AnyConnect Secure Mobility Client are both fine, as too is the Secure Client-AnyConnect for Android and the Secure Client AnyConnect VPN for iOS.

Elsewhere in the security advisory, Cisco also said that there is no evidence of the flaw being used in the wild. There are also no malware variants out there looking to leverage the flaw, the company claims.

The last time we heard of Cisco AnyConnect was in October last year, when the company urged its customers to apply a fix for a newly discovered flaw that had been sitting unnoticed for several years and was only discovered after being abused by criminals.

At the time, Cisco said it unearthed two flaws – CVE-2020-3433 and CVE-2020-3153, found in the Cisco AnyConnect Secure Mobility Client for Windows which would have allowed local threat actors to run DLL hijacking attacks and use system-level privileges to copy files to system directories. The result is arbitrary code execution on endpoints with system privileges.

Via: BleepingComputer

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TheDailyCheck is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected] The content will be deleted within 24 hours.