Skip to main content

Cisco fixes vulnerability in top Windows VPN client

VPN
(Image credit: Shutterstock / Elaine333)

Cisco has fixed a critical vulnerability in its VPN client for Windows, that if exploited, could allow the attacker to execute arbitrary code on the affected machine. 

Even as the networking hardware company continues to analyze the flaw, it has released an update that it hopes to defang it.  

The vulnerability was flagged by security researchers at Core Security and according to the advisory, the Cisco Product Security Incident Response Team (PSIRT) isn’t aware of any malicious use of the vulnerability in the wild.

Update to mitigate

The vulnerability, tracked as CVE-2021-1366, was discovered in the inter-process communication (IPC) channel of the AnyConnect Secure Mobility Client for Windows.

 It uses the HostScan module, which assesses an endpoint's compliance for things like antivirus, and firewall software installed on the host, to launch a DLL hijacking attack.

Cisco believes the reason behind the weakness is the insufficient validation of resources that are loaded by the client when it is executed. The attacker will have to craft and send an IPC message to the AnyConnect process, which would then enable them to execute arbitrary code on the affected machine with elevated privileges. 

As per the advisory, the vulnerability only affects Windows version of the Cisco AnyConnect Secure Mobility Client prior to v4.9.05042. Furthermore, as mentioned earlier, it’ll only affect users who use the HostScan module, and not the ones who connect with the ISE Posture module.

Furthermore, Cisco has also confirmed that the Linux, macOS, Android, and iOS versions of AnyConnect Secure Mobility Client aren’t susceptible to the vulnerability.