The Cisco Product Security Incident Response Team (PSIRT) has recently fixed a six-month-old zero-day vulnerability that is tracked as “CVE-2020-3556” in Cisco AnyConnect Security Client.
This zero-day flaw allows any attackers to execute arbitrary code; so, the experts have strongly recommended all the users to update their client immediately.
AnyConnect is a VPN security client that was launched by Cisco, and the chief function of AnyConnect VPN is to expedite all its users (intending company employees) to work safely on any device.
No matter where the user is, as it allows all its users to work as usual using the laptops, and mobile devices provided by the company.
AnyConnect simplifies and secures the terminal access to provide the necessary security measures to guarantee the constant security of the company or organization.
However, in the AnyConnect Secure Mobility Client Software releases 4.10.00093, and later this six-month-old zero-day vulnerability has been addressed.
Here we have mentioned all the details of this six-month-old zero-day vulnerability:-
This zero-day vulnerability actually detected in the inter-process communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client. And this vulnerability is caused by the lack of authentication of the IPC listener.
To exploit this flaw any threat actor can send a specially crafted IPC message to the AnyConnect client IPC listener and allow that attacker to trick the user into executing malicious scripts on the infected system.
Apart from this, the security analysts at Cisco affirmed that:-
Below we have mentioned the locations where you can check the presence of this flaw:-
As a security measure, the analysts have recommended all the users who cannot immediately install the security updates to turn off the Auto-Update feature.
Moreover, they have also urged users to disable the Enable Scripting configuration setting on the devices where this setting is enabled. As they claimed that by doing so will reduce the attack surface.
Apart from this, if anyone somehow won’t able to upgrade their older versions to the newer version with all the security fixes, for them to apply the recommended workarounds Cisco have also provided the detailed upgradation guide.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
A critical zero-day vulnerability in Sitecore’s enterprise content management system (CMS) has been uncovered, enabling…
A recent investigation into misconfigured Apache Airflow instances has uncovered critical vulnerabilities exposing login credentials,…
Federal authorities have unveiled details of a sophisticated cybercrime operation targeting financial institutions across four…
A significant leak of internal chat logs from the Black Basta ransomware group has provided…
Security researchers at Socket have uncovered a sophisticated malware campaign targeting the Go ecosystem. The…
A sophisticated malware campaign has been uncovered, exploiting the growing popularity of Windows Packet Divert…