With remote VPN usage at an all-time high due to COVID-19, it’s important for both customers and businesses alike to have confidence in the tools they’re using. Last week, Cisco disclosed a zero-day vulnerability, one that hasn’t been patched yet, that affects the Windows, Linux, and MacOS versions of their VPN client software, AnyConnect Secure Mobility Client. Security flaw CVE-2020-3556 exists within the interprocess communication (IPC) channel of the AnyConnect Client. Attackers would be able to send crafted IPC messages to the client listener, which lacks the authentication that makes this attack possible. If successfully exploited, the targeted AnyConnect user would be forced to execute malicious scripts that can perform a variety of things, which are all bad news for your network.
Is my connection safe?
For starters, the attacker would need to have valid credentials and access to the local network. This attack also requires the targeted user to have an active session of AnyConnect running. Luckily, a default configuration in this case is not vulnerable. Cisco stated that “a vulnerable configuration requires both the Auto Update setting and Enable Scripting setting to be enabled,” but by default the Enable Scripting setting is disabled. The best way to mitigate the risk for attack would be to disable both settings until a patch is released to fix this problem.
Cisco plans to patch this flaw in a future software release.
If you are ever concerned about the health and/or safety of your network, you can request more information on our 24x7 SEQ|OPS, Mi|HSOC, or Q|FRAME security solutions by filling out our Contact Form or emailing email@example.com.