Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2023-20178

Published: 28/06/2023 Updated: 25/01/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Secure Client

Vulnerability Summary

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local malicious user to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the malicious user to execute code with SYSTEM privileges.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco secure client

cisco anyconnect secure mobility client

Vendor Advisories

Cisco: Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability
A vulnerability in the client update feature of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM This vulnerability exists because improper permissions are assigned to a temporary directory t ...

Github Repositories

https://github.com/Wh04m1001/CVE-2023-20178

CVE-2023-20178 This is PoC for Arbitrary File Delete vulnerability in Cisco Secure Client (tested on 5001242) and Cisco AnyConnect (tested on 41006079) When a user connect to vpn, vpndownloaderexe process is started in background and it will create directory in c:\windows\temp with default permissions in following format: <random numbers>tmp After creatin

References

CWE-276https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kwhttps://nvd.nist.govhttps://github.com/Wh04m1001/CVE-2023-20178https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook