A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCisco Anyconnect Secure Mobility Client
APPCisco< 4.9.00086
CISA KEV — detailsi
- Vendori
- Cisco ↗
- Producti
- AnyConnect Secure
- Added to KEVi
- October 24, 2022
- Remediation deadline (US Federal)i
- November 14, 2022(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Apply updates per vendor instructions.
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
Related vulnerabilities
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows a...
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux a...
A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allo...
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility ...
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility ...