A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability (CVE-2020-3556)

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability (CVE-2020-3556)

Advisory No: TZCERT/SA/2020/11/11

Date of First Release: 11th November 2020

Source: CISCO

Software Affected: AnyConnect Secure Mobility Client for Linux, Windows and macOS

Overview:

This vulnerability exists in the interprocess communication (IPC) channel of the Cisco AnyConnect Secure Mobility Client Software that could allow an authenticated user to execute code through AnyConnect user.

Description:

The vulnerability is caused by a lack of authentication to AnyConnect client IP listener, that could allow an attacker with specially crafted IPC messages to execute malicious scripts. The exploitation of this vulnerability requires an attacker to have valid credentials on the system running AnyConnect client.

This vulnerability affects all versions of the software that have a configuration Bypass Downloader set to its default value of false. If Bypass Downloader is set to true, the Bypass downloader will be enabled, and the device will not be affected by this vulnerability.

Impact:

Successful exploitation of the vulnerability could allow an adversary to execute codes on the affected system.

Solution:

Cisco has not issued any workarounds or patches that address this vulnerability. However, users and administrators are advised to verify the Bypass Downloader configuration on a VPN client system and change the value to true.

To change Bypass Downloader configuration, perform the following:

  1. Locate the AnyConnectLocalPolicy.xml file on the client machine. The file can be found at this location:
    • Windows: <DriveLetter>:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\
    • Linux: /opt/cisco/anyconnect/
    • macOS: /opt/cisco/anyconnect/
  1. Open the file in any text editor and change the setting to true, as shown below:
    • Default value: <BypassDownloader>false</BypassDownloader>
    • Change value to: <BypassDownloader>true</BypassDownloader>
  1. Save the file and restart the computer.

References:

  1. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
  2. https://nvd.nist.gov/vuln/detail/CVE-2020-3556

Check Also

VMware Critical Zero Day Command Injection Vulnerability CVE-2020-4006

Advisory No: TZCERT/SA/2020/11/26 Date of First Release: 26th November 2020 Source: VMware Software Affected:  VMware Workspace One Access    …