Cisco is offering software updates for two of its AnyConnect for Windows VPN products that it says represent a threat ranked 'high'.

Cisco is offering software updates for two of its AnyConnect for Windows products that it says are actively being exploited in the field.

AnyConnect for Windows is a security software package that sets up VPN connectivity, provides access control and supports other endpoint security features. Cisco said AnyConnect products for macOS and Linux are not affected.

Cisco said its Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability, which is described in this advisory.

“In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability,” the vendor said in its alert for both vulnerabilities.

There are no workarounds for the problems, but software updates are available to address them, Cisco stated.

The first vulnerability involves a weakness in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows that could let an authenticated local attacker perform a Microsoft Dynamic Link Library (DLL) hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system, Cisco stated.

“The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process,” Cisco stated. “A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges.”

Cisco fixed this vulnerability in Cisco AnyConnect Secure Mobility Client for Windows releases 4.9.00086 and later.
The second vulnerability is in the installer component of Cisco AnyConnect Secure Mobility Client for Windows and could allow an authenticated local attacker to copy user-supplied files to system-level directories with system-level privileges.

The vulnerability is due to the incorrect handling of directory paths, Cisco stated. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory.

“This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system,” Cisco stated.

Cisco AnyConnect Secure Mobility Client for Windows releases 4.8.02042 and later contained the fix for this vulnerability.

In addition to the Windows weakness, Cisco recently patched a vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices.

This vulnerability, which is not known to be exploited in the wild, is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session, Cisco stated.

“An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device,” Cisco stated. “A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established,” Cisco stated.

When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention, Cisco noted.

Cisco Meraki has released software updates that address this vulnerability and there are no workarounds.
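A fleet check against the two fixed Windows releases named above, as an added example that is not Cisco's code or part of the original article. The inventory records and hostnames are constructed, and how client versions are collected from endpoints is left as an assumption.

```python
import re

# Fixed releases as stated in the article (AnyConnect Secure Mobility Client for Windows).
FIXED_IN = {
    "IPC channel DLL hijacking": "4.9.00086",
    "installer directory-path handling": "4.8.02042",
}

def parse_version(text):
    """Turn '4.8.02042' into (4, 8, 2042) so comparison is numeric, not lexical."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def unfixed_issues(os_name, version):
    """Return the issues from the article that this install has not yet patched."""
    if os_name.lower() != "windows":  # article: macOS and Linux clients are not affected
        return []
    installed = parse_version(version)
    return [name for name, fixed in FIXED_IN.items()
            if installed < parse_version(fixed)]

def triage(inventory):
    """Map hostname -> outstanding issues; bad records are flagged, not silently skipped."""
    report = {}
    for host, os_name, version in inventory:
        try:
            issues = unfixed_issues(os_name, version)
        except ValueError:
            issues = ["unparseable version"]
        if issues:
            report[host] = issues
    return report

# Constructed sample inventory: (hostname, OS, reported client version).
SAMPLE_INVENTORY = [
    ("wks-001", "Windows", "4.7.04056"),   # older than both fixed releases
    ("wks-002", "Windows", "4.8.03052"),   # installer fix present, IPC fix missing
    ("wks-003", "Windows", "4.9.00086"),   # first release with both fixes
    ("wks-004", "Windows", "4.10.01075"),  # a string compare would wrongly rank this below 4.9
    ("mac-001", "macOS", "4.7.04056"),     # platform not affected
    ("wks-005", "Windows", "unknown"),     # agent returned no usable version
]

if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: action needed ({'; '.join(issues)})")
```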