Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in Cisco Secure Client Software
Alerts

High-Severity Vulnerability in Cisco Secure Client Software

23 June 2023

Cisco has released security updates to address a vulnerability (CVE-2023-20178) affecting their Secure Client Software. The proof-of-concept exploit code targeting this vulnerability is reported to be publicly available.

Successful exploitation of the privilege escalation vulnerability could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM, and execute code with SYSTEM privileges.

The vulnerability affects the following Cisco products for Windows:

• Cisco AnyConnect Secure Mobility Client Software versions 4.10 and earlier

• Cisco Secure Client Software version 5.0

Users and administrators of affected versions are advised to update to the latest versions immediately.

More information is available here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw

https://securityaffairs.com/147744/hacking/cve-2023-20178-poc-exploit-code.html

https://www.securityweek.com/poc-exploit-published-for-cisco-anyconnect-secure-vulnerability/

Back to top