Cisco Fixes AnyConnect Bug Giving Windows SYSTEM Privileges
Cyber Security Threat Summary:
Cisco recently addressed a high-severity flaw in its Cisco Secure Client software that could allow threat actors to escalate privileges to the SYSTEM account used by the operating system. “Cisco Secure Client enables employees to work from anywhere via a secure Virtual Private Network (VPN) and provides admins with endpoint management and telemetry features” (Bleeping Computer, 2023). Tracked as CVE-2023-20178, the vulnerability can be exploited in low-complexity attacks, as no user interaction is required. Impacted products include Cisco AnyConnect Secure Mobility Client for Windows Software versions 4.10 and earlier and Cisco Secure Client for Windows Software version 5.0.
Note: the following products are not affected by the vulnerability:
Security Officer Comments:
According to Cisco, the “vulnerability exists because improper permissions are assigned to a temporary directory that is created during the upgrade process.” Furthermore, a threat actor could exploit CVE-2023-20178 by taking advantage of a specific function of the Windows installer process.
At the time of writing, Cisco is not aware of any evidence of the active exploitation of CVE-2023-20178. However, given the public disclosure, it won’t be long before threat actors leverage the flaw to launch attacks on vulnerable devices.
Suggested Correction(s):
CVE-2023-20178 was addressed in Cisco AnyConnect Secure Mobility Client for Windows Software version 4.10MR7 and in Cisco Secure Client for Windows Software version 5.0MR2. Users should update to a fixed release as soon as possible to prevent potential attacks.
Link(s):
https://www.bleepingcomputer.com/