New PoC Exploit Published for Cisco AnyConnect Flaw Granting System Privileges

Many organizations worldwide have used Cisco AnyConnect VPNs due to their security and other great features.

Cisco has many products for VPN depending upon the platforms with various versions of Software.

Cisco has released a new security advisory that patches a high-severity privilege escalation vulnerability in Cisco AnyConnect Secure Mobility Client for Windows and Cisco Secure Client Software for Windows.

CVE-2023-20178: Cisco AnyConnect Secure

This vulnerability exists in the client update process of the Cisco AnyConnect Mobility Client and Cisco Secure Client Software for Windows, in which a low-privileged, authenticated user can elevate the privilege to SYSTEM and potentially execute administrative commands.

The Security researcher Filip Dragović who discovered the Arbitrary File Delete vulnerability, released the PoC exploit code.

During the client update process, the vpndownloader.exe process creates a directory in the C:\Windows\temp directory, which checks for files or directories inside it and deletes them.

This functionality is executed with SYSTEM privileges which can be exploited by spawning a cmd process and arbitrarily deleting files from the system.

analysis
Image: NT Authority\SYSTEM privilege escalation Source: GitHub (Wh04m1001)

Affected Products

The following products are affected due to this vulnerability,

  • Cisco AnyConnect Secure Mobility Client for Linux
  • Cisco AnyConnect Secure Mobility Client for MacOS
  • Cisco Secure Client-AnyConnect for Android
  • Cisco Secure Client AnyConnect VPN for iOS
  • Cisco Secure Client for Linux
  • Cisco Secure Client for MacOS

Fixed Versions

ProductsFixed in Version
Cisco AnyConnect Secure Mobility Client for Windows Software4.10MR7 (4.10.07061)
Cisco Secure Client for Windows Software5.0MR2 (5.0.02075)

Cisco AnyConnect and Cisco Secure Client users are recommended to upgrade to the latest version to prevent attackers from Cisco AnyConnect Flaws.

Manage and secure Your Endpoints Efficiently – Free Download

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.