Exploit Released for Cisco AnyConnect Bug Giving SYSTEM Privileges

Cyber Security Threat Summary:
“A proof-of-concept exploit code has been released for a high-severity vulnerability in Cisco Secure Client Software for Windows, previously known as AnyConnect Secure Mobility Client. This flaw, tracked as CVE-2023-20178, allows authenticated attackers to escalate privileges to the SYSTEM account, which is used by the Windows operating system. The vulnerability can be exploited without user interaction and takes advantage of a specific function in the Windows installer process. Cisco has already released security updates to address the issue. However, a security researcher published the PoC exploit code earlier this week, highlighting the arbitrary file deletion vulnerability. By manipulating the behavior of the vpndownloader.exe process, an attacker can delete files and directories, leading to privilege escalation.” (BleepingComputer, 2023).

Security Officer Comments:
Proof-of-concept (PoC) code can be risky because it makes it easy for attackers to replicate and modify the code for their own attacks. When PoC code is publicly available, it becomes accessible to a wide range of individuals, including less skilled attackers. This increases the likelihood of successful attacks and can lead to delayed patching efforts. Attackers can also refine their techniques by analyzing the code and making improvements. Responsible disclosure is important to ensure the secure handling of PoC code and to prompt timely fixes and proactive defense measures.

Mitigation:
Cisco has previously faced security flaws in its AnyConnect software, which underscores the importance of promptly applying patches and updates.

Link(s):
https://www.bleepingcomputer.com/