New PoC Exploit Published for Cisco AnyConnect Flaw Granting System Privileges

New PoC Exploit Published for Cisco AnyConnect Flaw Granting System Privileges

Many organizations worldwide have used Cisco AnyConnect VPNs due to their security and other great features.

Cisco has many products for VPN depending upon the platforms with various versions of Software.

Cisco has released a new security advisory that patches a high-severity privilege escalation vulnerability in Cisco AnyConnect Secure Mobility Client for Windows and Cisco Secure Client Software for Windows.

CVE-2023-20178: Cisco AnyConnect Secure

This vulnerability exists in the client update process of the Cisco AnyConnect Mobility Client and Cisco Secure Client Software for Windows, in which a low-privileged, authenticated user can elevate the privilege to SYSTEM and potentially execute administrative commands.

The Security researcher Filip Dragović who discovered the Arbitrary File Delete vulnerability, released the PoC exploit code.

During the client update process, the vpndownloader.exe process creates a directory in the C:Windowstemp directory, which checks for files or directories inside it and deletes them.

This functionality is executed with SYSTEM privileges which can be exploited by spawning a cmd process and arbitrarily deleting files from the system.

Image: NT AuthoritySYSTEM privilege escalation Source: GitHub (Wh04m1001)

Affected Products

The following products are affected due to this vulnerability,

Cisco AnyConnect Secure Mobility Client for Linux

Cisco AnyConnect Secure Mobility Client for MacOS

Cisco Secure Client-AnyConnect for Android

Cisco Secure Client AnyConnect VPN for iOS

Cisco Secure Client for Linux

Cisco Secure Client for MacOS

Fixed Versions

ProductsFixed in VersionCisco AnyConnect Secure Mobility Client for Windows Software4.10MR7 (4.10.07061)Cisco Secure Client for Windows Software5.0MR2 (5.0.02075)

Cisco AnyConnect and Cisco Secure Client users are recommended to upgrade to the latest version to prevent attackers from Cisco AnyConnect Flaws.

Manage and secure Your Endpoints Efficiently – Free Download

The post New PoC Exploit Published for Cisco AnyConnect Flaw Granting System Privileges appeared first on Cyber Security News.

   Read More 

Cyber Security News