2. November 2022
Cisco Warns of AnyConnect Vulnerability Exploitations
Two years after discovering vulnerabilities in its secure networking platform for PCs, mobile devices, and tablets, Cisco sounded the alarm about potential exploits. Cisco AnyConnect Secure Mobility Client, a VPN-like network service that provides encrypted channels for secure remote working, might put corporate users at risk.
Considering that Cisco AnyConnect is meant to provide a secure communication channel, the discoveries are major concerns for all unsuspecting users. Read on to find out how the Cisco AnyConnect security flaws affect you and what you can do about them.
How bad actors might exploit the vulnerabilities
In 2020, Cisco fixed two local privilege escalation vulnerabilities. Such flaws allow an unauthorized party to gain SYSTEM privileges. The two vulnerabilities create that risk in the following ways.
A high-risk vulnerability, filed under CVE-2020-3433, allows attackers to launch DLL attacks after gaining access to the targeted device. A DLL attack involves injecting malicious code into DLL files that the application loads at run time.
While rated as medium risk, the second vulnerability (CVE-2020-3153) is equally troubling for corporate users. It allows attackers to copy malicious files into system-level directories. The maneuver opens up possibilities of subsequent attacks, including DLL hijacking.
How to resolve Cisco AnyConnect’s security flaws?
The exploitation of two-year-old vulnerabilities shows the risk of unpatched applications. It also highlights that cybercriminals actively exploit security flaws in applications regardless of whether the vendor has remediated the problem, simply because certain applications, such as Cisco AnyConnect, aren’t updated as rapidly as, e.g., browsers.
To ensure you’re not at risk, update your Cisco AnyConnect Secure Mobility Client for Windows installations to release 4.10.01075 or later. This release also fixes newer vulnerabilities like the ones mentioned in this article. If you’re using an earlier version, you might be targeted in recent exploits by bad actors.
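The version check above can be run across a software inventory. The following is an added example, not code from Cisco or SecTeer: it assumes a CSV export with `host`, `product` and `version` columns, and the hosts and version numbers in the sample are constructed. It compares versions numerically, because a plain string comparison would rank 4.9.x above 4.10.01075.

```python
import csv
import io
import re

# Fixed release named in the article for AnyConnect on Windows.
FIXED_RELEASE = "4.10.01075"
PRODUCT_PREFIX = "Cisco AnyConnect Secure Mobility Client"

# Constructed sample inventory; the column layout is an assumption.
SAMPLE_INVENTORY = """host,product,version
ws-001,Cisco AnyConnect Secure Mobility Client,4.8.03052
ws-002,Cisco AnyConnect Secure Mobility Client,4.10.01075
ws-003,Cisco AnyConnect Secure Mobility Client,4.9.06037
ws-004,Cisco AnyConnect Secure Mobility Client,4.10.05095
ws-005,Cisco AnyConnect Secure Mobility Client,unknown
ws-006,Mozilla Firefox,106.0.1
"""


def parse_version(text):
    """Turn '4.10.01075' into (4, 10, 1075); None if not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_patched(version, fixed=FIXED_RELEASE):
    """True or False for a parseable version, None when it cannot be parsed."""
    have, want = parse_version(version), parse_version(fixed)
    if have is None:
        return None
    # Pad with zeros so '4.10' is compared as (4, 10, 0).
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return have >= want


def audit(inventory_csv):
    """Group AnyConnect hosts into patched, outdated and unknown."""
    result = {"patched": [], "outdated": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["product"].startswith(PRODUCT_PREFIX):
            continue
        verdict = is_patched(row["version"])
        key = "unknown" if verdict is None else "patched" if verdict else "outdated"
        result[key].append(row["host"])
    return result
```

Hosts in the `unknown` group need a manual look, since an unparseable version is not evidence of a patched install.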
How does SecTeer help in mitigating application vulnerabilities?
SecTeer is a leading cybersecurity company that provides automated security patch management for Windows devices. VulnDetect has detected Cisco AnyConnect for a long time, including warning about the state of these old vulnerable versions and advising on newer versions without known issues. Customers can use our “Custom Software” feature to update Cisco AnyConnect to the latest secure release.