Vulnerabilities

PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure.

Published

A security researcher has published proof-of-concept (PoC) code targeting a recently patched high-severity vulnerability in the Cisco AnyConnect Secure Mobility Client and Secure Client for Windows.

The software allows remote employees to connect to an organization’s network using a secure virtual private network (VPN) and provides monitoring capabilities.

Tracked as CVE-2023-20178 (CVSS score of 7.8), the security defect impacts the client update process of the software, allowing a local attacker with low-privileges to elevate their access and execute code with System privileges.

“This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process,” Cisco explains in an advisory.

At large, this is an arbitrary folder delete issue that can be triggered during the software update process, when a temporary folder is created to store copies of files that are being modified, to allow a rollback if the installation process is not completed.

An attacker with knowledge of this temporary folder can run an exploit containing an executable file designed to start an update process but trigger a rollback midway. At the same time, the exploit continuously attempts to replace the contents of the temporary folder with malicious files.

Once the update process halts, Windows attempts to restore the files in the temporary folder to their original location, but instead consumes the attacker’s malicious content.

This week, security researcher Filip Dragovic, who reported CVE-2023-20178 to Cisco, released a PoC that works in a similar manner, triggering an arbitrary file delete with System privileges.

Advertisement. Scroll to continue reading.

The researcher says he tested the PoC on Secure Client version 5.0.01242 and AnyConnect Secure Mobility Client version 4.10.06079. Only the Windows iterations of the software are impacted.

Cisco addressed CVE-2023-20178 in early June with the release of AnyConnect Secure Mobility Client version 4.10.07061 and Secure Client version 5.0.02075.

Related: Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions

Related: Cisco Says PoC Exploits Available for Newly Patched Enterprise Switch Vulnerabilities

Related: Cisco Warns of Critical Vulnerability in EoL Phone Adapters

In this article:,

Related Content

Vulnerabilities

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability

Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available.

April 18, 2024
Cisco

Artificial Intelligence

Cisco Unveils AI-Native Enterprise Security Solution Hypershield

Cisco announces Hypershield, an AI-native and cloud-native enterprise security solution with a wide range of capabilities.

April 18, 2024

Data Breaches

Cisco Duo Says Hack at Telephony Supplier Exposed MFA SMS Logs

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

April 15, 2024

Vulnerabilities

Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits

Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.

April 8, 2024

Network Security

Cisco Warns of Vulnerability in Discontinued Small Business Routers

Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers.

April 5, 2024

Network Security

Cisco Patches DoS Vulnerabilities in Networking Products

Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS).

March 28, 2024

IoT Security

$200,000 Awarded at Pwn2Own 2024 for Tesla Hack

Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software.

March 21, 2024

Vulnerabilities

Cisco Patches High-Severity IOS RX Vulnerabilities 

Cisco releases patches for high-severity denial-of-service and elevation of privilege vulnerabilities in IOS RX software.

March 14, 2024

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version