Cisco Warns AnyConnect VPNs Under Active Cyberattack

Published: 23/11/2024   Category: security




Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.



A pair of known security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows is being actively exploited in the wild, despite being patched for two-plus years.
The networking giant is warning that cybercrime groups are pressing two local privilege escalation (LPE) bugs into service, with active exploit chains against the VPN platform being observed starting this month.
The first flaw (CVE-2020-3153, with a CVSS score of 6.5) would allow a logged-in user to send a specially crafted IPC message to the AnyConnect process to perform DLL hijacking and execute arbitrary code on the affected machine with SYSTEM privileges. The second issue (CVE-2020-3433, with a CVSS score of 7.8) could allow a logged-in user to copy arbitrary files to system-level directories with SYSTEM privileges.
In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild, Cisco noted in the updated advisories.
The situation showcases the danger that older vulnerabilities continue to pose to companies and individuals. LPE patches are often de-prioritized in the glut of updates that businesses are faced with every month, but exploit chains often combine a remote code execution (RCE) bug for initial access with an LPE exploit for burrowing deeper into corporate networks and uncovering sensitive information.
The US Cybersecurity and Infrastructure Security Agency (CISA) also this week added the bugs to its Known Exploited Vulnerabilities (KEV) catalog, along with four even older bugs in Cisco's Gigabyte gaming and graphics drivers (CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, CVE-2018-19323). Sophos flagged exploitation of the latter earlier in the month by the BlackByte ransomware gang.
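The prioritization problem described above (LPE fixes losing out to higher-scored findings) can be countered by ranking scanner output on KEV membership before CVSS. The following is an added example, not code from the article or from Cisco or CISA; the feed excerpt, due dates, host names and the `CVE-0000-0001` finding are constructed placeholders, and the `vulnerabilities`/`cveID`/`dueDate` field layout is assumed to match CISA's KEV JSON feed.

```python
import json

# Constructed excerpt in the layout of CISA's KEV JSON feed.
# dueDate values are placeholders, not the real catalog dates.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2020-3153",  "dueDate": "2000-01-01"},
  {"cveID": "CVE-2020-3433",  "dueDate": "2000-01-01"},
  {"cveID": "CVE-2018-19320", "dueDate": "2000-01-01"}
]}
""")

# Constructed scanner findings. The CVSS scores for the two AnyConnect CVEs are
# the ones quoted in the article; CVE-0000-0001 is a placeholder for an unrelated,
# higher-scored finding that is not in the catalog. The article gives no score
# for CVE-2018-19320, so it is left as None.
FINDINGS = [
    {"host": "laptop-01", "cve": "CVE-0000-0001",  "cvss": 9.1},
    {"host": "laptop-01", "cve": "CVE-2020-3153",  "cvss": 6.5},
    {"host": "laptop-02", "cve": "CVE-2020-3433",  "cvss": 7.8},
    {"host": "laptop-02", "cve": "cve-2018-19320", "cvss": None},
]

def kev_index(feed):
    """Map upper-cased CVE id -> catalog entry."""
    return {v["cveID"].upper(): v for v in feed.get("vulnerabilities", [])}

def cvss_only(findings):
    """Baseline ordering: highest CVSS first, missing scores last."""
    return sorted(findings, key=lambda f: -(f["cvss"] or 0.0))

def prioritize(findings, feed):
    """Known-exploited findings first, then by CVSS within each group."""
    kev = kev_index(feed)
    ranked = []
    for f in findings:
        cve = f["cve"].upper()          # scanners differ in case; normalize
        entry = kev.get(cve)
        ranked.append({**f, "cve": cve, "kev": entry is not None,
                       "due": entry["dueDate"] if entry else None})
    ranked.sort(key=lambda f: (not f["kev"], -(f["cvss"] or 0.0)))
    return ranked

if __name__ == "__main__":
    for f in prioritize(FINDINGS, KEV_FEED):
        print(f["host"], f["cve"], f["cvss"], "KEV" if f["kev"] else "-")
```

With CVSS-only ordering the placeholder 9.1 finding is patched first; with KEV-aware ordering both AnyConnect LPE bugs move ahead of it.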
