Cisco has fixed a high severity flaw, tracked as CVE-2023-20178 with a CVSS Score of 7.8, resides in Cisco Secure Client that can be exploited by low-privileged, authenticated, local attacker to escalate privileges to the highest privileged account.
Cisco Secure Client is a software platform designed to provide secure remote access to corporate networks for employees or authorized users. It has the features and functionalities to ensure secure connectivity and protect data during remote access sessions. It supports robust authentication mechanisms, encryption protocols, and network access controls to protect sensitive information and prevent unauthorized access.
An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. The vulnerability stems from improper permissions assigned to a temporary directory that is created during the upgrade process.
The below products not affected by the vulnerability.
- Cisco AnyConnect Secure Mobility Client for Linux
- Cisco AnyConnect Secure Mobility Client for MacOS
- Cisco Secure Client-AnyConnect for Android
- Cisco Secure Client AnyConnect VPN for iOS
- Cisco Secure Client for Linux
- Cisco Secure Client for MacOS
There are no workarounds that address the issue until an upgradation is done. The Cisco PSIRT is not aware of attacks exploiting this vulnerability in the wild.