Cisco warns admins to patch AnyConnect flaw exploited in attacks

Oct 26, 2022 | News


Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.


The AnyConnect Secure Mobility Client simplifies secure enterprise endpoint access and enables employees to work from anywhere while connected to a secure Virtual Private Network (VPN) through Secure Sockets Layer (SSL) and IPsec IKEv2.

The two security flaws (tracked as CVE-2020-3433 and CVE-2020-3153) allow local attackers to perform DLL hijacking attacks and to copy files to system directories with system-level privileges.

Following successful exploitation, the attackers could execute arbitrary code on the targeted Windows devices with SYSTEM privileges.

Both vulnerabilities require authentication: the attacker must already hold valid credentials on the system. However, they could be chained with Windows privilege escalation flaws, especially since proof-of-concept exploits are already available online for both CVEs [12].

Today, two years after patching them in 2020, Cisco updated the security advisories to urge admins to update the vulnerable software and block the ongoing attacks.

“In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild,” the company warned.

“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.”
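As an added example, not part of the article or of Cisco's own tooling, the PowerShell check below inventories AnyConnect installs on a Windows host through the Uninstall registry keys and flags any build below a fixed release. The fixed release number is not given on this page and must be taken from Cisco's advisory, so it is left as a placeholder parameter.

```powershell
# Added example: report AnyConnect installs whose version is below the fixed release.
# -FixedVersion is a PLACEHOLDER; supply the fixed release listed in Cisco's advisory
# for CVE-2020-3433 / CVE-2020-3153 (assumption: the advisory's version is in a.b.c form).
param(
    [Parameter(Mandatory = $true)]
    [version]$FixedVersion
)

# Both the native and the 32-bit (WOW6432Node) uninstall hives are checked, because
# MSI-installed products can register in either depending on installer bitness.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-AnyConnectInstall {
    # Match on DisplayName so that any AnyConnect product package is picked up.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*AnyConnect*' } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

function Test-AnyConnectPatched {
    param([version]$Minimum)
    $installs = @(Get-AnyConnectInstall)
    if ($installs.Count -eq 0) {
        return [pscustomobject]@{ Status = 'NotInstalled'; Product = $null; Version = $null; Required = $Minimum }
    }
    foreach ($app in $installs) {
        $installed = $null
        # Guard against a DisplayVersion that is missing or not in dotted-number form.
        if (-not [version]::TryParse([string]$app.DisplayVersion, [ref]$installed)) {
            [pscustomobject]@{ Status = 'UnknownVersion'; Product = $app.DisplayName; Version = $app.DisplayVersion; Required = $Minimum }
            continue
        }
        $status = if ($installed -ge $Minimum) { 'Patched' } else { 'VULNERABLE' }
        [pscustomobject]@{ Status = $status; Product = $app.DisplayName; Version = $installed; Required = $Minimum }
    }
}

Test-AnyConnectPatched -Minimum $FixedVersion | Format-Table -AutoSize
```

Run it from an elevated session on each endpoint, or push the functions through your endpoint management tool and collect the `Status` column; anything reporting `VULNERABLE` or `UnknownVersion` needs a look.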


Added to CISA’s list of bugs exploited in attacks


This warning confirms an announcement by the Cybersecurity and Infrastructure Security Agency (CISA) on Monday that both security flaws have been added to its Known Exploited Vulnerabilities catalog.

Once a bug is added to CISA's list of vulnerabilities exploited in attacks, all Federal Civilian Executive Branch (FCEB) agencies are required by a binding operational directive (BOD 22-01) from November 2021 to apply patches or mitigation measures.

The federal agencies were given three weeks, until November 11th, to ensure that any ongoing exploitation attempts would be blocked.

As CISA added yesterday, “these types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.”

The U.S. cybersecurity agency also strongly urged all organizations worldwide to prioritize patching these security bugs, even though BOD 22-01 only applies to U.S. FCEB agencies.


Source: bleepingcomputer.com
