Update

Update your Cisco System Secure Client now to fix this AnyConnect bug

Cisco Secure Client is the fresh recipient of a fix to address a high-severity vulnerability related to improper permissions. The flaw allows attackers to potentially escalate privileges to the SYSTEM account.

From the vulnerability advisory:

A vulnerability in the client update feature of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM.

This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the upgrade process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

As Bleeping Computer notes, Secure Client allows for remote work thanks to a secure Virtual Private Network and also gives admins telemetry and endpoint management functionality. The attacks themselves do not need user interaction to get the exploitation ball rolling. Bleeping Computer also mentions that there is no current evidence to suggest active exploitation in the wild. With this in mind, there’s never been a better time to start patching. 

As with so many other vulnerabilities out there, there is no workaround for this issue. What this means is that if you’re delayed applying an update for whatever reason, there’s no way to put a band-aid over the wound until you’re ready to hit the update button. Your setup will simply remain at risk until you do it.

The vulnerable products are as follows:

Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows.

Note: For releases earlier than Release 5.0, Cisco Secure Client for Windows is known as Cisco AnyConnect Secure Mobility Client for Windows.

There’s a number of products not at risk from this issue, which are listed below. You’ll note that none of them are Windows.

  • Cisco AnyConnect Secure Mobility Client for Linux
  • Cisco AnyConnect Secure Mobility Client for MacOS
  • Cisco Secure Client-AnyConnect for Android
  • Cisco Secure Client AnyConnect VPN for iOS
  • Cisco Secure Client for Linux
  • Cisco Secure Client for MacOS

This issue has been resolved with the release of Cisco Secure Client for Windows 5.0MR2, and AnyCOnnect Secure Mobility Client for Windows 4.10MR7. If you haven’t already done so, it’s time to check out the Cisco downloads page and make your network a little bit safer.


Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.