Cisco today disclosed a zero-day vulnerability, for which proof-of-concept exploit code is publicly available, in the Cisco AnyConnect Secure Mobility Client software.
Although security fixes for this arbitrary code execution vulnerability are not yet available, Cisco is working on a fix for the zero-day issue in a future AnyConnect client release.
However, according to the Cisco Product Security Incident Response Team (PSIRT), the Cisco AnyConnect Secure Mobility Client security bug has not yet been exploited in the wild.
Devices with default configurations are not vulnerable.
Tracked as CVE-2020-3556 and rated high severity, the flaw resides in the interprocess communication (IPC) channel of Cisco AnyConnect and allows an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.
It affects all versions of the AnyConnect Windows, Linux, and macOS clients that run with a vulnerable configuration; the mobile iOS and Android clients are not affected.
"The Auto Update setting and the Enable Scripting setting must both be enabled in a vulnerable configuration," Cisco said. "Auto Update is enabled by default, and Enable Scripting is disabled by default."
An active AnyConnect session and valid credentials on the targeted computer are also required for successful exploitation.
Mitigation available
Although no fix for CVE-2020-3556 is available yet, the issue can be mitigated by disabling the Auto Update functionality.
Disabling the Enable Scripting configuration setting on devices where it is available also significantly reduces the attack surface.
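The vulnerable combination Cisco describes is a client profile in which Auto Update and Enable Scripting are both on. The following audit script is an added example, not code from Cisco or from the article: it parses an AnyConnect client profile XML, applies the advisory's defaults when an element is absent (Auto Update on, Enable Scripting off), and reports whether the profile is in the vulnerable state. The element names AutoUpdate and EnableScripting follow the AnyConnect client profile schema; the three sample profiles are constructed for illustration, and the hostname in them is a placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed sample profiles (not real customer profiles). The server entry
# is a placeholder; only the ClientInitialization settings matter here.
VULNERABLE_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutoUpdate UserControllable="false">true</AutoUpdate>
    <EnableScripting UserControllable="false">true</EnableScripting>
  </ClientInitialization>
  <ServerList>
    <HostEntry>
      <HostName>vpn.example.test</HostName>
      <HostAddress>vpn.example.test</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
"""

# Same profile with both mitigations from the advisory applied.
HARDENED_PROFILE = VULNERABLE_PROFILE.replace(
    '<AutoUpdate UserControllable="false">true</AutoUpdate>',
    '<AutoUpdate UserControllable="false">false</AutoUpdate>',
).replace(
    '<EnableScripting UserControllable="false">true</EnableScripting>',
    '<EnableScripting UserControllable="false">false</EnableScripting>',
)

# Profile that does not set either element, so the defaults apply
# (Auto Update on, Enable Scripting off): not vulnerable.
DEFAULT_PROFILE = """<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
  </ClientInitialization>
</AnyConnectProfile>
"""


def _bool_setting(root, name, default):
    """Return the boolean value of a profile element, ignoring the XML
    namespace prefix; fall back to the advisory's default when absent."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            return (el.text or "").strip().lower() == "true"
    return default


def audit_profile(xml_text):
    """Evaluate one AnyConnect client profile against the CVE-2020-3556
    preconditions and return the settings plus any findings."""
    root = ET.fromstring(xml_text)
    auto_update = _bool_setting(root, "AutoUpdate", default=True)
    enable_scripting = _bool_setting(root, "EnableScripting", default=False)
    vulnerable = auto_update and enable_scripting

    findings = []
    if vulnerable:
        findings.append("AutoUpdate and EnableScripting are both enabled: "
                        "vulnerable configuration for CVE-2020-3556")
        findings.append("mitigation: set AutoUpdate to false until a fixed "
                        "client release is deployed")
        findings.append("mitigation: set EnableScripting to false unless "
                        "scripting is required")
    return {
        "auto_update": auto_update,
        "enable_scripting": enable_scripting,
        "vulnerable": vulnerable,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, profile in (("vulnerable", VULNERABLE_PROFILE),
                           ("hardened", HARDENED_PROFILE),
                           ("default", DEFAULT_PROFILE)):
        result = audit_profile(profile)
        print(f"{label}: vulnerable={result['vulnerable']}")
        for line in result["findings"]:
            print("  -", line)
```

Run it against the profiles you push from the headend (or the copies under the client's profile directory) to find installations that have turned Enable Scripting on while leaving Auto Update at its default; those are the only ones the advisory considers exposed.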
Gerbert Roitburd of the Secure Mobile Networking Laboratory (TU Darmstadt) reported the vulnerability to Cisco.
Today, Cisco also patched 11 other high-severity and 23 medium-severity security flaws in several products that could lead to denial of service or arbitrary code execution on vulnerable devices.
For details, see the Cisco Security Advisory.
In September and July, Cisco also addressed actively exploited flaws in a range of carrier-grade routers and in the ASA/FTD firewalls.