Cisco AnyConnect/Secure Client Vulnerability Exploit
Date of Notice: 06/22/2023
Action Level - High
Description
A vulnerability affecting Cisco Secure Client Software (also known as AnyConnect Secure Mobility Client) for Windows is now under threat of active exploitation after proof-of-concept code was released this week. If exploited, this vulnerability could allow an attacker with low-level access to escalate privileges to the Windows SYSTEM account on an unpatched device. The exploit is relatively simple to carry out and will likely be used by attackers in the near future, so immediate investigation and patching of impacted systems is recommended.
Fixed Versions
- Cisco AnyConnect Secure Mobility for Windows: 4.10MR7 (4.10.07061)
- Cisco Secure Client for Windows: 5.0MR2 (5.0.02075)
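An added example, not part of the original notice or any Cisco tooling: triaging a software-inventory export against the fixed builds listed above. The CSV columns, host names, display names and sample versions are constructed, and treating any build below the fixed one for its product line as needing an update is an assumption.

```python
import csv
import io

# Fixed builds from this notice. "secure client" is listed first because a
# display name may mention both products; such a name is treated as Secure Client.
FIXED = {
    "secure client": (5, 0, 2075),   # 5.0MR2 (5.0.02075)
    "anyconnect": (4, 10, 7061),     # 4.10MR7 (4.10.07061)
}

def parse_version(text):
    """'4.10.07061' -> (4, 10, 7061); None if it is not a dotted numeric version.
    Comparing as integers avoids string pitfalls ('4.9' sorting above '4.10',
    leading zeros in the build field)."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts[:3])

def product_line(name):
    """Map a display name onto one of the two product lines, or None."""
    lowered = name.lower()
    return next((key for key in FIXED if key in lowered), None)

def triage(inventory_csv):
    """Return {host: status} for rows with columns host,product,version."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        line = product_line(row["product"])
        version = parse_version(row["version"])
        if line is None or version is None:
            results[row["host"]] = "review"        # cannot classify; check by hand
        elif version >= FIXED[line]:
            results[row["host"]] = "fixed"
        else:
            results[row["host"]] = "needs update"  # assumption: below fixed build
    return results

# Constructed sample inventory (not real hosts or a real export).
SAMPLE = """host,product,version
ws-01,Cisco AnyConnect Secure Mobility Client,4.10.06000
ws-02,Cisco AnyConnect Secure Mobility Client,4.10.07061
ws-03,Cisco Secure Client - AnyConnect VPN,5.0.01000
ws-04,Cisco Secure Client - AnyConnect VPN,5.0.02075
ws-05,Cisco AnyConnect Secure Mobility Client,4.9.09000
ws-06,Cisco AnyConnect Secure Mobility Client,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```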
Attack Vector
Exploitation requires access to a vulnerable system and the ability to authenticate at any level.
Attack Feasibility
Proof of concept code for this exploit has been released, and active exploitation is likely in the very near future.
Mitigation
There are no known mitigations for this vulnerability.
Remediation
Update to a current supported version of AnyConnect Secure Mobility / Secure Client.
Vendor Resources