Cisco AnyConnect urges admins to update now to avoid security threats

By Scott Marlette Last updated Oct 26, 2022

Cisco is urging customers of its AnyConnect service to apply a fix for a several years-old vulnerabilities after it spotted them being abused in the wild.

The two vulnerabilities in question are tracked as CVE-2020-3433 and CVE-2020-3153. They are found in the Cisco AnyConnect Secure Mobility Client for Windows and allow local threat actors to run DLL hijacking attacks and use system-level privileges to copy files to system directories. Should they succeed, they could run arbitrary code on target endpoints with system privileges, it was added.

Exploiting the flaws isn’t that easy, though, as it requires the attackers to have system credentials. However, there are proof-of-concept exploits out there, showing how these vulnerabilities could be tied together with Windows privilege escalation flaws.

Patching recommended

The flaws were patched (opens in new tab) in 2020, but Cisco has now been forced to ring the bell again following evidence pointing to new abuse.

“In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild,” it said. “Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.”

Further proof of exploitation in the wild comes from the US Cybersecurity and Infrastructure Security Agency (CISA). The organization has recently added these two Cisco flaws to its Known Exploited Vulnerabilities catalog – a catalog that lists flaws being used by threat actors. Being added also means all Federal Civilian Executive Branch Agencies (FCEB) are forced, by the November 2021 binding operational directive (BOD 22-01), to apply the patches or otherwise mitigate the problem immediately.

“These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise,” CISA added. Federal agencies have until November 11 to get the job done.

Cisco AnyConnect Secure Mobility Client is a tool offering secure enterprise network access from any endpoint (opens in new tab).

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.