Cisco informed customers on Wednesday that it’s working on a patch for a code execution vulnerability affecting its AnyConnect product. The company says a proof-of-concept (PoC) exploit is available.
The Cisco AnyConnect Secure Mobility Client is designed to provide secure VPN access for remote workers.
According to the networking giant, the product is affected by a flaw, tracked as CVE-2020-3556, that can be exploited by a local, authenticated attacker to cause an AnyConnect user to execute a malicious script.
The vulnerability is related to the lack of authentication for the interprocess communication (IPC) listener. The Linux, Windows and macOS versions of the AnyConnect Secure Mobility Client are affected if both the Auto Update and Enable Scripting settings are enabled. The latter is disabled by default.
“An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user,” Cisco said in its advisory.
“In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run,” it added.
There are no workarounds for the vulnerability, but concerned users can disable the Auto Update or Enable Scripting settings to prevent exploitation. The company has decided to disclose it as it has become aware of the availability of a PoC exploit, but says it’s not aware of ..
Support the originator by clicking the read the rest link below.
