The vulnerability was reported to Cisco by Gerbert Roitburd from Secure Mobile Networking Lab (TU Darmstadt). Cisco also addressed 11 other high severity and 23 medium severity security vulnerabilities in multiple products that could be exploited to trigger a denial of service condition or to execute arbitrary code on vulnerable devices. The attack surface can also be drastically decreased by toggling off the Enable Scripting configuration setting on devices where it’s enabled.
Unfortunately, Cisco has yet to address the arbitrary code execution flaw; a fix is expected to be included in a future AnyConnect client release. Cisco recommends disabling the Auto Update feature to mitigate the CVE-2020-3556 flaw; no workarounds are available to address it. Cisco Product Security Incident Response Team (PSIRT) is not aware of attacks in the wild that have exploited the vulnerability. The issue could be exploited in the presence of active AnyConnect sessions and valid credentials on the targeted device. “A vulnerable configuration requires both the Auto Update setting and Enable Scripting setting to be enabled, Auto Update is enabled by default, and Enable Scripting is disabled by default.” To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run.” continues the advisory. “In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack.
The IT giant confirmed that iOS and Android clients are not impacted by this flaw. It affects all AnyConnect client versions for Windows, Linux, and macOS with vulnerable configurations. This script would execute with the privileges of the targeted AnyConnect user.” A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. This update automatically updates AnyConnect, including the VPN. “The vulnerability is due to a lack of authentication to the IPC listener. Cisco AnyConnect Secure Mobility Client - Version 4.9 MR5 (v2): Cisco AnyConnect 4.9 MR5 will be released between Januto Janufor all customers across all production release tracks who have the AnyConnect Cloud auto-update feature enabled in settings.
“A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script.” reads the advisory published by the company. One of these commands is to start the vpndownloader application and update AnyConnect. A vulnerability has been discovered that could allow an authenticated local attacker to abuse this auto-update feature to copy files provided by standard user accounts to system-level directories with the required system permissions. The CVE-2020-3556 flaw resided in the interprocess communication (IPC) channel of Cisco AnyConnect Client; it can be exploited by authenticated and local attackers to execute malicious scripts via a targeted user. This service exposes TCP port 62522 on the loopback device, which clients can connect to and send commands to be processed by this service. Automatic updating also works for users with low privileges because it is initiated by a service called the Cisco AnyConnect Secure Mobility Agent and runs with SYSTEM privileges.
The Cisco AnyConnect Secure Mobility Client includes features to update itself automatically. The vulnerability CVE-2020-3153 is located in the installer component of the Cisco AnyConnect Secure Mobility Client for Windows. Independent security researcher Yorick Koster has reported this vulnerability in the SSD Secure Disclosure Program. This issue can be used to gain SYSTEM privileges: The following tweet brought this issue to my attention a few days ago. Details for the path traversal vulnerability I discovered in the Cisco AnyConnect Secure Mobility Client for Windows are now public (CVE-2020-3153). A Privilege Escalation vulnerability exists in the Cisco AnyConnect Secure Mobility client for Windows.