Cisco Patches Privilege Escalation Vulnerability in AnyConnect

June 8, 2023


Cisco has patched a high-severity vulnerability in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) for Windows that could allow a low-privileged local attacker to elevate privileges to the SYSTEM account. The attack is low complexity and requires no user interaction.

The Vulnerability

  • CVE-2023-20178 (CVSS score: 7.8, High severity) – A privilege escalation vulnerability caused by incorrect permissions assigned to a temporary directory created during the client update process.
    An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit lets the attacker execute code with SYSTEM privileges. The root cause is the classic weak-permission pattern: a directory that low-privileged users can write to is consumed by a process running as SYSTEM.
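The check a practitioner would want for this weakness class is an audit of directory ACLs for write access granted to low-privileged principals, paired with a hardening step. The following PowerShell is an added example, not code from the Cisco advisory or the CYREBRO post; the identity list, the access-mask bits and the demo path are assumptions chosen for illustration, and since the advisory does not name the temporary directory, the script does not target it.

```powershell
# Added example, not code from the Cisco advisory or the CYREBRO post: audit a directory
# for the weakness class behind CVE-2023-20178 (a directory that low-privileged users can
# write to while a SYSTEM-level process consumes its contents) and harden it. The
# identity list, access-mask bits and demo path are assumptions chosen for illustration.

# Principals that any low-privileged local user is a member of.
$LowPrivIdentities = @(
    'Everyone',
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE'
)

# Access-mask bits that let a principal plant, replace or remove content in a directory:
# FILE_ADD_FILE (0x2), FILE_ADD_SUBDIRECTORY (0x4), FILE_WRITE_EA (0x10),
# FILE_WRITE_ATTRIBUTES (0x100), DELETE (0x10000), plus GENERIC_WRITE (0x40000000) and
# GENERIC_ALL (0x10000000) for ACEs that were written with generic rights.
$WriteMask = 0x2 -bor 0x4 -bor 0x10 -bor 0x100 -bor 0x10000 -bor 0x40000000 -bor 0x10000000

function Get-WeakDirectoryAce {
    # Returns one record per Allow ACE that grants a low-privileged principal write access.
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $who = $ace.IdentityReference.Value
        if ($LowPrivIdentities -notcontains $who) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

function Protect-Directory {
    # Restricts a directory to SYSTEM and Administrators: inheritance is cut so a permissive
    # parent (for example C:\Windows\Temp) cannot flow back in, and explicit low-privileged
    # ACEs are removed. Requires WRITE_DAC on the directory, i.e. owner or administrator.
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)   # protected DACL, inherited ACEs dropped
    foreach ($ace in @($acl.Access)) {
        if (-not $ace.IsInherited -and $LowPrivIdentities -contains $ace.IdentityReference.Value) {
            [void]$acl.RemoveAccessRule($ace)
        }
    }
    foreach ($admin in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
            $admin, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# Demo: create a scratch directory, deliberately weaken it the way the flaw class does,
# audit it, harden it, audit again. Run from an elevated prompt so Protect-Directory and
# the cleanup both succeed.
$demo = Join-Path $env:TEMP ('acl-demo-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $demo | Out-Null
$weak = Get-Acl -LiteralPath $demo
$weak.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
    'Everyone', 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'))
Set-Acl -LiteralPath $demo -AclObject $weak

'Before hardening:'
Get-WeakDirectoryAce -Path $demo | Format-Table -AutoSize
Protect-Directory -Path $demo
'Weak ACEs after hardening: ' + @(Get-WeakDirectoryAce -Path $demo).Count
Remove-Item -LiteralPath $demo -Recurse -Force
```

Get-WeakDirectoryAce is the reusable part: point it at any directory a privileged service or updater writes into and it lists the ACEs that would let a standard user tamper with that content, inherited ones included, which is how a permissive parent such as C:\Windows\Temp usually leaks in.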

Affected Product

  • Cisco AnyConnect Secure Mobility Client Software for Windows, release 4.10 and earlier (the fix ships as a later 4.10 maintenance release; see the Cisco advisory for the exact build).
  • Cisco Secure Client Software for Windows, release 5.0.

Mitigation

CYREBRO recommends updating the affected products to the fixed software release indicated in the Cisco advisory.
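To confirm the update actually landed on endpoints, compare the client version registered with Windows Installer against the first fixed release of each product line. The following PowerShell is an added example, not code from the Cisco advisory or the CYREBRO post; the DisplayName patterns, the sample records and the fixed-release numbers used in the demo are assumptions, so take the real fixed releases from the advisory.

```powershell
# Added example, not code from the Cisco advisory or the CYREBRO post: check the Cisco VPN
# client registered in Windows Installer's Uninstall keys against the first fixed release
# of each product line. DisplayName patterns, sample records and the fixed-release numbers
# in the demo are assumptions; take the real fixed releases from the Cisco advisory.

function Test-CiscoVpnClientFixed {
    param(
        [Parameter(Mandatory)][string]$DisplayName,        # product name from the Uninstall key
        [Parameter(Mandatory)][string]$DisplayVersion,     # product version from the Uninstall key
        [Parameter(Mandatory)][version]$FixedAnyConnect4,  # first fixed 4.10 release (from advisory)
        [Parameter(Mandatory)][version]$FixedSecureClient5 # first fixed 5.0 release (from advisory)
    )
    # Map the product line to the release that fixes it; anything else is out of scope.
    $fixed = switch -Wildcard ($DisplayName) {
        'Cisco AnyConnect*'    { $FixedAnyConnect4; break }
        'Cisco Secure Client*' { $FixedSecureClient5; break }
        default                { $null }
    }
    $installed = $null
    $status = if (-not $fixed) { 'NotCiscoVpnClient' }
        elseif (-not [version]::TryParse($DisplayVersion, [ref]$installed)) { 'UnparseableVersion' }
        elseif ($installed -lt $fixed) { 'Vulnerable' }
        else { 'Fixed' }
    [pscustomobject]@{
        Product   = $DisplayName
        Installed = $DisplayVersion
        Fixed     = $fixed
        Status    = $status
    }
}

function Get-InstalledCiscoVpnClient {
    # Reads both the native and the 32-bit Uninstall hives; DisplayName and DisplayVersion
    # are the standard Windows Installer values written for every MSI-based product.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Cisco AnyConnect*' -or $_.DisplayName -like 'Cisco Secure Client*' } |
        Select-Object DisplayName, DisplayVersion
}

# Fixed releases to compare against. These values are an assumption for the demo;
# replace them with the fixed releases listed in the Cisco advisory.
$fixedArgs = @{ FixedAnyConnect4 = [version]'4.10.07061'; FixedSecureClient5 = [version]'5.0.02075' }

# Constructed sample records (not real inventory data) so the check also runs on a host
# without a Cisco client installed.
$samples = @(
    [pscustomobject]@{ DisplayName = 'Cisco AnyConnect Secure Mobility Client'; DisplayVersion = '4.10.06079' },
    [pscustomobject]@{ DisplayName = 'Cisco Secure Client - AnyConnect VPN';   DisplayVersion = '5.0.01242' },
    [pscustomobject]@{ DisplayName = 'Cisco Secure Client - AnyConnect VPN';   DisplayVersion = '5.0.02075' },
    [pscustomobject]@{ DisplayName = 'Cisco Secure Client - AnyConnect VPN';   DisplayVersion = 'unknown' }
)

$records = @(Get-InstalledCiscoVpnClient)
if ($records.Count -eq 0) { $records = $samples }
$records | ForEach-Object {
    Test-CiscoVpnClientFixed -DisplayName $_.DisplayName -DisplayVersion $_.DisplayVersion @fixedArgs
} | Format-Table -AutoSize
```

Run it under a management agent or remoting session across the fleet and alert on any Vulnerable or UnparseableVersion row; the version comparison uses [version] so 4.10.06079 sorts below 4.10.07061 as intended rather than as a string.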

References: Cisco Advisory.
