Cisco has resolved a high-severity vulnerability in its Cisco Secure Client software, previously known as AnyConnect Secure Mobility Client.
This flaw could be exploited by local attackers to escalate privileges to the SYSTEM account used by the operating system. The vulnerability, tracked as CVE-2023-20178, arises from improper permissions assigned to a temporary directory during the upgrade process.
The Cisco Secure Client software, which facilitates secure VPN connections and offers endpoint management capabilities, was found to be susceptible to low-complexity attacks that do not require user interaction.
The bug has been fixed in the Windows versions of AnyConnect Secure Mobility Client 4.10MR7 and Cisco Secure Client 5.0MR2. Fortunately, there have been no indications of active exploitation or the existence of public exploit code targeting this vulnerability.
In the past, Cisco has faced security issues with its AnyConnect software, including two flaws that were actively exploited in the wild and enabled arbitrary code execution and privilege escalation.
Such vulnerabilities are frequently exploited by malicious actors and pose significant risks. It is advised for organizations to promptly apply patches and remain vigilant in protecting their systems against potential cyber threats.
