Cisco is offering software updates for two of its AnyConnect for Windows VPN products it says represent a threat ranked 'high'.

Cisco is offering software updates for two of its AnyConnect for Windows products it says are actively being exploited in the field.

AnyConnect for Windows is a security software package, in this case for Windows machines, that sets up VPN connectivity, provides access control and supports other endpoint security features. Cisco said AnyConnect products for macOS and Linux are not affected.

Cisco said its Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerability, which is described in this advisory.

“In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability,” the vendor said in its alert for both vulnerabilities.

There are no workarounds for the problems, but software updates are available to address them, Cisco stated.

The first vulnerability involves a weakness in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows that could let an authenticated local attacker perform a Microsoft Dynamic Link Library (DLL) hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system, Cisco stated.

“The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process,” Cisco stated. “A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges.”

Cisco fixed this vulnerability in Cisco AnyConnect Secure Mobility Client for Windows releases 4.9.00086 and later.
The second vulnerability is in the installer component of Cisco AnyConnect Secure Mobility Client for Windows and could allow an authenticated local attacker to copy user-supplied files to system-level directories with system-level privileges.

The vulnerability is due to the incorrect handling of directory paths, Cisco stated. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory.

“This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system,” Cisco stated.

Cisco AnyConnect Secure Mobility Client for Windows releases 4.8.02042 and later contained the fix for this vulnerability.

In addition to the Windows weakness, Cisco recently patched a vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices.

This vulnerability, which is not known to be exploited in the wild, is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session, Cisco stated.

“An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device,” Cisco stated. “A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established,” Cisco stated.

When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention, Cisco noted.

Cisco Meraki has released software updates that address this vulnerability and there are no workarounds.
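For triaging a fleet against the two Windows fixed releases named above (4.9.00086 and 4.8.02042), the following is an added example, not code from Cisco or from the original article. It assumes a hypothetical `host,os,version` inventory export with constructed sample hosts, and three-field numeric version strings as in the article's release numbers; fields are compared numerically because a plain string comparison would rank 4.10.x below 4.9.x.

```python
import csv
import io

# Fixed releases as stated in the article (AnyConnect Secure Mobility Client for Windows).
# The issue labels are names chosen for this example, not Cisco identifiers.
FIXED_IN = {
    "ipc-dll-hijack": (4, 9, 86),         # fixed in 4.9.00086 and later
    "installer-file-copy": (4, 8, 2042),  # fixed in 4.8.02042 and later
}

def parse_version(text):
    """Turn '4.9.00086' into (4, 9, 86) so each field compares numerically."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def exposures(os_name, version_text):
    """Return the sorted list of issues a client is still exposed to."""
    if os_name.strip().lower() != "windows":
        return []  # per the article, macOS and Linux clients are not affected
    installed = parse_version(version_text)
    return sorted(name for name, fixed in FIXED_IN.items() if installed < fixed)

def triage(inventory_csv):
    """Map host -> list of exposures for a host,os,version CSV (assumed layout)."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            report[row["host"]] = exposures(row["os"], row["version"])
        except ValueError:
            report[row["host"]] = ["unparsed-version"]  # flag for manual review
    return report

# Constructed sample inventory (hypothetical hosts and versions, not from the article).
SAMPLE = """host,os,version
wks-01,Windows,4.8.01090
wks-02,Windows,4.8.03052
wks-03,Windows,4.10.00093
wks-04,Windows,4.9.00086
mac-01,macOS,4.7.00136
wks-05,Windows,unknown
"""

if __name__ == "__main__":
    for host, issues in triage(SAMPLE).items():
        print(host, "->", ", ".join(issues) or "ok")
```

A host such as `wks-02` shows why both thresholds matter: it is past the installer fix but still below the IPC fix.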