Monday, January 13, 2025
HomeCiscoCisco has Fixed a six-month-Old Zero-day Vulnerability Found in the Cisco AnyConnect

Cisco has Fixed a six-month-Old Zero-day Vulnerability Found in the Cisco AnyConnect

Published on

The Cisco Product Security Incident Response Team (PSIRT) has recently fixed a six-month-old zero-day vulnerability that is tracked as “CVE-2020-3556” in Cisco AnyConnect Security Client. 

This zero-day flaw allows any attackers to execute arbitrary code; so, the experts have strongly recommended all the users to update their client immediately.

AnyConnect is a VPN security client that was launched by Cisco, and the chief function of AnyConnect VPN is to expedite all its users (intending company employees) to work safely on any device. 

No matter where the user is, as it allows all its users to work as usual using the laptops, and mobile devices provided by the company. 

AnyConnect simplifies and secures the terminal access to provide the necessary security measures to guarantee the constant security of the company or organization.

However, in the AnyConnect Secure Mobility Client Software releases 4.10.00093, and later this six-month-old zero-day vulnerability has been addressed.

Flaw Profile

Here we have mentioned all the details of this six-month-old zero-day vulnerability:-

  • CVE ID: CVE-2020-3556
  • CWE ID: CWE-20
  • Advisory ID: cisco-sa-anyconnect-ipc-KfQO9QhK
  • Cisco Bug IDs: CSCvv30103
  • CVSS Score: 7.3
  • Severity: High

This zero-day vulnerability actually detected in the inter-process communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client. And this vulnerability is caused by the lack of authentication of the IPC listener.

To exploit this flaw any threat actor can send a specially crafted IPC message to the AnyConnect client IPC listener and allow that attacker to trick the user into executing malicious scripts on the infected system.

Apart from this, the security analysts at Cisco affirmed that:-

  • On the laptops used by a single user, this flaw is not exploitable.
  • This flaw is not remotely exploitable.
  • This vulnerability is not a privilege elevation exploit.
  • This security flaw is rated as high severity, as this has the ability to exploit the configurations.

Vulnerable Products

  • AnyConnect Secure Mobility Client for Windows
  • AnyConnect Secure Mobility Client for macOS
  • AnyConnect Secure Mobility Client for Linux

Determine Vulnerability

Below we have mentioned the locations where you can check the presence of this flaw:-

  • Windows:<DriveLetter>:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\
  • macOS: /opt/cisco/anyconnect/
  • Linux: /opt/cisco/anyconnect/

Mitigation

As a security measure, the analysts have recommended all the users who cannot immediately install the security updates to turn off the Auto-Update feature.

Moreover, they have also urged users to disable the Enable Scripting configuration setting on the devices where this setting is enabled. As they claimed that by doing so will reduce the attack surface.

Apart from this, if anyone somehow won’t able to upgrade their older versions to the newer version with all the security fixes, for them to apply the recommended workarounds Cisco have also provided the detailed upgradation guide.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Mirai Botnet Variant Exploits Zero-Day Vulnerabilities in Routers

Researchers observed the Gayfemboy botnet in early 2024 as a basic Mirai variant. Still,...

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices,...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...