CVE-2023-20178

Summary

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Client4.9.00086affected
CiscoCisco Secure Client4.9.01095affected
CiscoCisco Secure Client4.9.02028affected
CiscoCisco Secure Client4.9.03047affected
CiscoCisco Secure Client4.9.03049affected
CiscoCisco Secure Client4.9.04043affected
CiscoCisco Secure Client4.9.04053affected
CiscoCisco Secure Client4.9.05042affected
CiscoCisco Secure Client4.9.06037affected
CiscoCisco Secure Client4.10.00093affected
CiscoCisco Secure Client4.10.01075affected
CiscoCisco Secure Client4.10.02086affected
CiscoCisco Secure Client4.10.03104affected
CiscoCisco Secure Client4.10.04065affected
CiscoCisco Secure Client4.10.04071affected
CiscoCisco Secure Client4.10.05085affected
CiscoCisco Secure Client4.10.05095affected
CiscoCisco Secure Client4.10.05111affected
CiscoCisco Secure Client4.10.06079affected
CiscoCisco Secure Client4.10.06090affected
CiscoCisco Secure Client5.0.00238affected
CiscoCisco Secure Client5.0.00529affected
CiscoCisco Secure Client5.0.00556affected
CiscoCisco Secure Client5.0.01242affected

Weaknesses

  • CWE-276: Incorrect Default Permissions

ADP Enrichment

CVE Program Container

Additional References

References