PoC Released for Cisco AnyConnect Privilege Escalation Vulnerability (CVE-2023-20178)
Dark Lab on Jun 29 2023
Share:
On 7 June, Cisco released a security advisory regarding a privilege escalation vulnerability impacting Cisco AnyConnect VPN products (CVE-2023-20178). A low-privileged, authenticated, local attacker can exploit the specific Windows installer process to elevate their privileges to those of SYSTEM.
A Proof of Concept (PoC) has since been released and whilst no exploitation attempts have been observed as at the time of writing, we suspect that malicious actors will seek to weaponise the vulnerability post-infiltration.
We recommend applying the latest patch to mitigate against potential exploitation attempts, given the release of the PoC.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
https://github.com/Wh04m1001/CVE-2023-20178
A Proof of Concept (PoC) has since been released and whilst no exploitation attempts have been observed as at the time of writing, we suspect that malicious actors will seek to weaponise the vulnerability post-infiltration.
We recommend applying the latest patch to mitigate against potential exploitation attempts, given the release of the PoC.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
https://github.com/Wh04m1001/CVE-2023-20178