Attention all organizations relying on the Cisco AnyConnect Secure Mobility Client and Secure Client for Windows! A recent high-severity vulnerability, CVE-2023-20178, has been discovered and patched, but the implications are significant. It allows a low-privileged, authenticated, local attacker to abuse the client update process and execute code with SYSTEM privileges. Don't wait for a breach to occur; take immediate action to safeguard your network.
The Vulnerability Unveiled:
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.
This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
The Impact and Research Findings:
Security researcher Filip Dragovic recently reported this vulnerability and published proof-of-concept (PoC) code that reproduces the arbitrary file delete issue with SYSTEM privileges. Dragovic successfully tested the PoC on Secure Client version 5.0.01242 and AnyConnect Secure Mobility Client version 4.10.06079. Note that only the Windows versions of the software are affected.
Cisco's Response and Patch:
Addressing the seriousness of CVE-2023-20178, Cisco promptly released patched versions in early June. To ensure your network's security, update your software to the patched versions: AnyConnect Secure Mobility Client version 4.10.07061 and Secure Client version 5.0.02075.
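To find the endpoints that still need the update, the version check can be run over a software inventory export. The script below is an added example, not code from Cisco or from the researcher; the CSV columns, host names and the rule that any build below the fixed release on its branch needs the update are assumptions made for illustration.

```python
import csv
import io

# Fixed releases named in the article, keyed by major-version branch.
FIXED = {4: (4, 10, 7061), 5: (5, 0, 2075)}

# Constructed sample inventory export (hosts and rows are made up).
SAMPLE_CSV = """host,os,version
wks-001,Windows,4.10.06079
wks-002,Windows,5.0.01242
wks-003,Windows,4.10.07061
wks-004,Windows,5.0.02075
wks-005,Windows,4.9.06037
mac-006,macOS,5.0.01242
wks-007,Windows,5.0.x
"""

def parse_version(text):
    """'4.10.06079' -> (4, 10, 6079). Numeric tuples order 4.9 before 4.10,
    which a plain string comparison gets wrong."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(os_name, version_text):
    if os_name.strip().lower() != "windows":
        return "not-affected"      # article: only Windows clients are affected
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"           # review by hand rather than guess
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unknown"           # branch the article does not cover
    # Assumption: any build below the fixed release on its branch needs the update.
    return "fixed" if version >= fixed else "needs-update"

def triage(csv_text):
    """Map each host in the inventory to its status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["os"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_CSV).items():
        print(f"{host}\t{status}")
```

Hosts reported as "unknown" have a version string or branch the check cannot place and should be inspected manually.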
Protect Your Network with Armoryze:
While patching is critical, it's also essential to proactively strengthen your network security. Consider implementing Armoryze's comprehensive Zero Trust Network Access (ZTNA) solution. By migrating from Cisco AnyConnect VPN to Armoryze ZTNA, you can fortify your defenses and gain additional advantages:
Act Now to Secure Your Network:
Don't wait for a security incident to disrupt your operations and compromise sensitive data. Update your Cisco AnyConnect software immediately, and consider migrating to Armoryze ZTNA for enhanced network security. Strengthen your defenses, mitigate risks, and ensure uninterrupted productivity.
Contact our security team to learn more about Armoryze ZTNA and take the first step towards securing your network against evolving threats. Together, let's build a resilient and impenetrable shield for your organization's valuable assets.