CVE-2023-20178

Name of the Vulnerable Software and Affected Versions Cisco Secure Client (formerly Cisco AnyConnect Secure Mobility Client) versions (affected versions not specified)

Description A vulnerability in the client update process of Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process, such as the vpndownloader.exe process, which creates a directory in c:windowstemp with default permissions. A successful exploit could allow the attacker to execute code with SYSTEM privileges, potentially allowing for arbitrary file deletion as the NT AuthoritySYSTEM account.

Recommendations As a temporary workaround, consider restricting access to the vpndownloader.exe process until a patch is available. Avoid using the default permissions for the temporary directory created by vpndownloader.exe in the c:windowstemp directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.