Cisco AnyConnect/Secure Client Vulnerability Exploit
Date of Notice: 06/22/2023
Action Level - High
A vulnerability affecting Cisco Secure Client Software (AKA AnyConnect Secure Mobility Client) for Windows is now under threat of active exploitation after proof-of-concept code was released this week. If exploited, this vulnerability could allow an attacker with low-level access to escalate privileges to the Windows SYSTEM account on an unpatched device. This exploit is relatively uncomplex and will likely be utilized by attackers in the near future, so immediate investigation and patching of impacted systems is recommended.
- Cisco AnyConnect Secure Mobility for Windows : 4.10MR7 (4.10.07061)
- Cisco Secure Client for Windows : 5.0MR2 (5.0.02075)
An attacker with access to a vulnerable system and the ability to authenticate at any level.
Proof of concept code for this exploit has been released, and active exploitation is likely in the very near future.
There are no known mitigations for this vulnerability
Update to a current supported version of AnyConnect Secure Mobility / Secure Client.