Cisco fixes vulnerability in top Windows VPN client

VPN
(Image credit: Shutterstock / Elaine333)
Audio player loading…

Cisco has fixed a critical vulnerability (opens in new tab) in its VPN (opens in new tab) client for Windows, that if exploited, could allow the attacker to execute arbitrary code on the affected machine. 

Even as the networking hardware company continues to analyze the flaw, it has released an update that it hopes to defang it.  

The vulnerability was flagged by security researchers at Core Security and according to the advisory, the Cisco Product Security Incident Response Team (PSIRT) isn’t aware of any malicious use of the vulnerability in the wild.

Update to mitigate

The vulnerability, tracked as CVE-2021-1366, was discovered in the inter-process communication (IPC) channel of the AnyConnect Secure Mobility Client for Windows (opens in new tab).

 It uses the HostScan module, which assesses an endpoint's compliance for things like antivirus (opens in new tab), and firewall software (opens in new tab) installed on the host, to launch a DLL hijacking attack.

Cisco believes the reason behind the weakness is the insufficient validation of resources that are loaded by the client when it is executed. The attacker will have to craft and send an IPC message to the AnyConnect process, which would then enable them to execute arbitrary code on the affected machine with elevated privileges. 

As per the advisory, the vulnerability only affects Windows version of the Cisco AnyConnect Secure Mobility Client prior to v4.9.05042. Furthermore, as mentioned earlier, it’ll only affect users who use the HostScan module, and not the ones who connect with the ISE Posture module.

Furthermore, Cisco has also confirmed that the Linux (opens in new tab), macOS (opens in new tab), Android (opens in new tab), and iOS (opens in new tab) versions of AnyConnect Secure Mobility Client aren’t susceptible to the vulnerability.  

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.