Critical AnyConnect Vulnerability Fixed By Cisco
Cisco has addressed a high-severity vulnerability in its Cisco Secure Client software, previously known as AnyConnect Secure Mobility Client. The flaw could allow attackers to elevate privileges to the SYSTEM account used by the operating system. The vulnerability, identified as CVE-2023-20178, can be exploited by local, low-privileged attackers without user interaction, and it stems from improper permissions assigned to a temporary directory during the upgrade process. The bug has been fixed in the affected Windows versions of AnyConnect Secure Mobility Client and Cisco Secure Client. Other platforms like macOS, Linux, and mobile products are not affected. Read more...