Cisco AnyConnect For Windows Active Exploit
Date of Notice: 10/26/2022
Action Level - High
Description
Cisco is reporting that two security vulnerabilities in the AnyConnect Secure Mobility Platform have been actively exploited in the wild. These vulnerabilities could allow an attacker to execute arbitrary code on vulnerable devices. As a result of the active exploitation, Cisco is recommending that customers update affected devices as soon as possible.
Affected Versions
- Cisco AnyConnect Secure Mobility Client for Windows : versions prior to 4.9.00086
Attack Vector
Any attacker with network access can exploit this vulnerability. This could be an external bad actor interacting with public facing devices or an internal bad actor interacting with any device they have network access to. Though the exploits require authentication, they could be chained with other vulnerabilities to gain access and proof of concept exploits exist with this functionality.
Attack Feasibility
An exploit is available and in current use by attackers.
Remediation
Update to a current, fixed version of AnyConnect.
Vendor Resources