
Affected Systems:

Cisco AnyConnect Secure Mobility Client for Windows – Releases earlier than 4.9.00086.

Description:

Cisco has warned customers using the Cisco AnyConnect Secure Mobility Client for Windows that two previously discovered vulnerabilities have been seen exploited in the wild. The announcement comes alongside the two vulnerabilities being added to the US Cybersecurity and Infrastructure Security Agency (CISA)’s Known Exploited Vulnerabilities Catalogue on the 24th of October.

Tracked as CVE-2020-3433 and CVE-2020-3153, the two vulnerabilities were first discovered in August and February 2020 respectively, but have only recently been seen exploited in the wild. The first, CVE-2020-3433, has been classed as high severity and allows an attacker with valid Windows credentials to perform a DLL hijacking attack – a type of attack that involves a hacker injecting malicious code into an application by exploiting the way some Windows applications use Dynamic Link Libraries (DLLs). If successful, the attacker would be able to execute arbitrary code on the victim machine with SYSTEM privileges. The second vulnerability, CVE-2020-3153, is of medium severity and allows an authenticated local attacker to copy user-supplied files to system-level directories. It is caused by incorrect handling of directory paths by the application.

Although both vulnerabilities were discovered and patched over two years ago, Cisco has only recently seen them being actively exploited, warning in its security advisory that “In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild” and that Cisco “is aware that proof-of-concept exploit code is available” for the higher-severity vulnerability, CVE-2020-3433.

Cisco has noted that the AnyConnect Secure Mobility Client for macOS, Linux, and mobile device operating systems such as iOS and Android is not vulnerable.

Preventions:

Patches for these vulnerabilities were released in 2020, so releases 4.9.00086 and later are not affected by these bugs.
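To find Windows endpoints still below the fixed release, the installed version can be read from the registry and compared numerically. The script below is an added example, not Cisco's tooling; the `Test-AnyConnectAffected` function name and the assumption that the client registers under the standard Uninstall keys with a DisplayName beginning "Cisco AnyConnect Secure Mobility Client" are ours.

```powershell
# Added example: flag AnyConnect for Windows installs older than the fixed release.
$FixedRelease = [version]'4.9.00086'   # first unaffected release, per the advisory

# Hypothetical helper: $true = affected, $false = fixed, $null = needs manual review.
function Test-AnyConnectAffected {
    param([string]$DisplayVersion)
    # Compare component by component. A plain string comparison would rank
    # 4.10.x below 4.9.x and wrongly report a fixed client as affected.
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) {
        return $null   # missing or unparseable version string
    }
    return $parsed -lt $FixedRelease
}

# Assumption: standard per-machine Uninstall keys (64-bit and 32-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Cisco AnyConnect Secure Mobility Client*' } |
    ForEach-Object {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Affected = Test-AnyConnectAffected -DisplayVersion $_.DisplayVersion
        }
    }
```

A host with no matching entries produces no output; a row with an empty `Affected` column means the version string could not be parsed and should be checked by hand.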

The latest version of Cisco AnyConnect Secure Mobility Client for Windows is available at Cisco’s Software Centre. Cisco has provided the following steps for those looking to find the latest release:

  1. Click Browse all.
  2. Choose Security > VPN and Endpoint Security Clients > Cisco VPN Clients > AnyConnect Secure Mobility Client > AnyConnect Secure Mobility Client v4.x.
  3. Choose the release from the left pane of the AnyConnect Secure Mobility Client v4.x page.

Related Links: