Cisco fixes vulnerability in top Windows VPN client

Urges users to update their apps while it scrutinizes the lapse

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cisco has fixed acritical vulnerabilityin itsVPNclient for Windows, that if exploited, could allow the attacker to execute arbitrary code on the affected machine.

Even as the networking hardware company continues to analyze the flaw, it has released an update that it hopes to defang it.

The vulnerability was flagged by security researchers at Core Security and according to the advisory, the Cisco Product Security Incident Response Team (PSIRT) isn’t aware of any malicious use of the vulnerability in the wild.

Update to mitigate

Update to mitigate

The vulnerability, tracked as CVE-2021-1366, was discovered in the inter-process communication (IPC) channel of the AnyConnect Secure Mobility Client forWindows.

It uses the HostScan module, which assesses an endpoint’s compliance for things likeantivirus, andfirewall softwareinstalled on the host, to launch a DLL hijacking attack.

Cisco believes the reason behind the weakness is the insufficient validation of resources that are loaded by the client when it is executed. The attacker will have to craft and send an IPC message to the AnyConnect process, which would then enable them to execute arbitrary code on the affected machine with elevated privileges.

As per the advisory, the vulnerability only affects Windows version of the Cisco AnyConnect Secure Mobility Client prior to v4.9.05042. Furthermore, as mentioned earlier, it’ll only affect users who use the HostScan module, and not the ones who connect with the ISE Posture module.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Furthermore, Cisco has also confirmed that theLinux,macOS,Android, andiOSversions of AnyConnect Secure Mobility Client aren’t susceptible to the vulnerability.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Should your VPN always be on?

3 reasons why PIA fell in our best VPN rankings

Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace