CVE-2023-20178

HIGH7.8

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM

Published Jun 28, 2023

Modified 1 years ago

Fix available

Details

This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.

Affected Packages

cisco-secure-client-vpn

AlmaLinux 10AlmaLinux 8AlmaLinux 9CentOS 10CentOS 7

Fixed in:

4.10.070615.0.02075

Cisco Secure Client - AnyConnect VPN

AppXWindows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)

Fixed in:

4.10.070615.0.02075

Cisco AnyConnect Secure Mobility Client

Windows 10 (1507)Windows 10 (1607) / Server 2016Windows 10 (1809) / Server 2019Windows 10 (1903)Windows 10 (1909)

Fixed in:

4.10.070615.0.02075

Cisco Secure Client

macOS 14macOS 15macOS 26

Fixed in:

4.10.070615.0.02075

References

WEB

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2023-20178

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Configuration

CWE-276

Incorrect Default Permissions

Ecosystems(218)

AlmaLinux 10 AlmaLinux 8 AlmaLinux 9 AppX CentOS 10

Timeline

PublishedJun 28, 2023

ModifiedAug 2, 2024

CVE-2023-20178 | Mondoo Vulnerability Intelligence