Cisco Reveals Zero-Day Vulnerability in AnyConnect VPN with POC

November 6, 2020
CISCO zero-day vulnerability in AnyConnect
Cisco today disclosed a zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client software for which proof-of-concept exploit code is publicly available.
Although no security fix for this arbitrary code execution vulnerability is available yet, Cisco is working on addressing the zero-day issue in a future AnyConnect client release.
However, according to the Cisco Product Protection Incident Response Team (PSIRT), the Cisco AnyConnect Secure Mobility Client security bug has not yet been exploited in the wild.
Devices with default configurations are not vulnerable.
Tracked as CVE-2020-3556, the high-severity flaw lies in the interprocess communication (IPC) channel of Cisco AnyConnect and allows an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.
It affects all versions of the AnyConnect Windows, Linux, and macOS clients that run with a vulnerable configuration; the mobile iOS and Android clients are not affected.
"The Auto Update setting and the Enable Scripting setting must both be enabled in a vulnerable configuration," Cisco said. "The default is Auto Update, and Enable Scripting is disabled by default."
An active AnyConnect session and valid credentials on the targeted computer are also required for successful exploitation.

Mitigation available

Although no fix for CVE-2020-3556 is available yet, the vulnerability can be mitigated by disabling the Auto Update functionality.
Disabling the Enable Scripting configuration setting on devices where it is available also significantly reduces the attack surface.
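As an added illustration (not code from Cisco or from the original post), the following Python check reads an AnyConnect client profile XML and flags the vulnerable combination described above, Auto Update and Enable Scripting both enabled. The element names AutoUpdate and EnableScripting under ClientInitialization follow the AnyConnect client profile schema; the sample profiles are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample profile showing the vulnerable combination from the
# advisory: Auto Update on AND Enable Scripting on. Values are made up.
VULNERABLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutoUpdate UserControllable="false">true</AutoUpdate>
    <EnableScripting UserControllable="false">true</EnableScripting>
  </ClientInitialization>
</AnyConnectProfile>
"""

# Constructed sample: the same profile after applying the mitigation
# (Enable Scripting turned off).
MITIGATED_PROFILE = VULNERABLE_PROFILE.replace(
    '<EnableScripting UserControllable="false">true',
    '<EnableScripting UserControllable="false">false',
)


def _local(tag):
    """Strip the XML namespace so lookups work regardless of the xmlns used."""
    return tag.rsplit("}", 1)[-1]


def profile_settings(xml_text):
    """Return (auto_update, enable_scripting) as booleans.

    Elements missing from the profile fall back to the defaults quoted in
    the article: Auto Update enabled, Enable Scripting disabled.
    """
    root = ET.fromstring(xml_text)
    found = {}
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ("AutoUpdate", "EnableScripting"):
            found[name] = (elem.text or "").strip().lower() == "true"
    return found.get("AutoUpdate", True), found.get("EnableScripting", False)


def is_vulnerable_config(xml_text):
    """CVE-2020-3556 requires BOTH settings to be enabled."""
    auto_update, scripting = profile_settings(xml_text)
    return auto_update and scripting
```

A profile with no ClientInitialization block at all is reported as not vulnerable, matching the article's statement that default configurations are unaffected.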
Gerbert Roitburd of the Secure Mobile Networking Laboratory (TU Darmstadt) reported the vulnerability to Cisco.
Today, Cisco also patched 11 other high-severity and 23 medium-severity security flaws in several products that could lead to denial of service or arbitrary code execution on vulnerable devices.
For full details, see the Cisco Security Advisory.
In July and September, Cisco also patched actively exploited flaws affecting a range of carrier-grade routers as well as its ASA/FTD firewalls.
