Cisco has fixed a critical vulnerability in its VPN client for Windows, that if exploited, could allow the attacker to execute arbitrary code on the affected machine.
Even as the networking hardware company continues to analyze the flaw, it has released an update that it hopes to defang it.
The vulnerability was flagged by security researchers at Core Security and according to the advisory, the Cisco Product Security Incident Response Team (PSIRT) isn’t aware of any malicious use of the vulnerability in the wild.
- Here’s our list of the best VPN services
- These are some of the best remote desktop sharing software
- We've put together a list of the best endpoint protection software
Update to mitigate
The vulnerability, tracked as CVE-2021-1366, was discovered in the inter-process communication (IPC) channel of the AnyConnect Secure Mobility Client for Windows.
It uses the HostScan module, which assesses an endpoint's compliance for things like antivirus, and firewall software installed on the host, to launch a DLL hijacking attack.
Cisco believes the reason behind the weakness is the insufficient validation of resources that are loaded by the client when it is executed. The attacker will have to craft and send an IPC message to the AnyConnect process, which would then enable them to execute arbitrary code on the affected machine with elevated privileges.
As per the advisory, the vulnerability only affects Windows version of the Cisco AnyConnect Secure Mobility Client prior to v4.9.05042. Furthermore, as mentioned earlier, it’ll only affect users who use the HostScan module, and not the ones who connect with the ISE Posture module.
Furthermore, Cisco has also confirmed that the Linux, macOS, Android, and iOS versions of AnyConnect Secure Mobility Client aren’t susceptible to the vulnerability.
- Check out our list of the best Linux VPN services
