
Proof of concept released for Cisco VPN vulnerability

A security researcher has published a proof of concept (PoC) that leverages a recently fixed flaw in Cisco's VPN software, highlighting a potential security threat to corporate networks


A security researcher recently released a proof of concept (PoC) targeting a recently fixed security vulnerability in the Cisco AnyConnect Secure Mobility Client and Secure Client for Windows VPN applications. This software lets remote employees connect to the organization's network through a secure Virtual Private Network (VPN), and also offers monitoring capabilities.

Vulnerability details

The flaw, tracked as CVE-2023-20178 with a CVSS severity score of 7.8, affects the software update process. It allows a local attacker with limited privileges to escalate them and execute code with SYSTEM privileges. "The vulnerability resides in the fact that improper permissions are assigned to a temporary directory created during the upgrade process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installation process," Cisco explained in its advisory.

How the attack works

In general, this is an arbitrary folder deletion issue that can be triggered during the software update process, when a temporary folder is created to store copies of the files being modified so that they can be recovered if the installation fails. An attacker who knows about this temporary folder could run an exploit containing an executable that starts the update process but forces a rollback partway through. Meanwhile, the exploit continually tries to replace the contents of the temporary folder with malicious files.

The PoC and Cisco's response

After the update process is interrupted, Windows tries to restore the files to their original location from the temporary folder, but instead finds itself dealing with the attacker's malicious files. This week, security researcher Filip Dragovic, who reported CVE-2023-20178 to Cisco, released a PoC that works in a similar way, triggering an arbitrary deletion of files with SYSTEM privileges. Dragovic says he has tested the PoC on Secure Client version 5.0.01242 and AnyConnect Secure Mobility Client version 4.10.06079, emphasizing that only the Windows versions of the software are vulnerable. Cisco addressed CVE-2023-20178 in early June with the release of updated versions of the AnyConnect Secure Mobility Client (4.10.07061) and Secure Client (5.0.02075).
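For patch triage, the fixed versions above can be checked against a software inventory. The following is an added example, not code from Cisco or the researcher; the CSV column names, hostnames and sample rows are constructed, and it assumes every release below the fixed one in the same product line needs the update.

```python
import csv
import io

# Fixed releases named in the article, keyed by product line.
FIXED = {
    "AnyConnect Secure Mobility Client": (4, 10, 7061),
    "Secure Client": (5, 0, 2075),
}

# Constructed sample inventory export (hostnames and column names are hypothetical).
SAMPLE_INVENTORY = """host,os,product,version
wks-001,Windows,Secure Client,5.0.01242
wks-002,Windows,AnyConnect Secure Mobility Client,4.10.06079
wks-003,Windows,AnyConnect Secure Mobility Client,4.10.07061
wks-004,Windows,Secure Client,5.0.02075
mac-001,macOS,Secure Client,5.0.01242
wks-005,Windows,Secure Client,5.0.x
"""

def parse_version(text):
    """Turn '4.10.06079' into (4, 10, 6079); zero-padded fields compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def triage(row):
    """Return 'update', 'ok', 'not-affected' or 'review' for one inventory row."""
    if row["os"].strip().lower() != "windows":
        return "not-affected"          # article: only Windows builds are vulnerable
    fixed = FIXED.get(row["product"].strip())
    if fixed is None:
        return "review"                # unknown product name, check manually
    try:
        installed = parse_version(row["version"])
    except ValueError:
        return "review"                # unparseable version, check manually
    # Assumption: every release below the fixed one in its line needs the update.
    return "update" if installed < fixed else "ok"

def triage_inventory(csv_text):
    """Map each host in the CSV text to its triage status."""
    return {r["host"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked "review" carry a product name or version string the script could not interpret and should be checked by hand.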


06/22/2023 13:06

Editorial AI
