{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-058.pdf"
    },
    "title": "Cisco AnyConnect Secure Mobility Client Vulnerability",
    "serial_number": "2020-058",
    "publish_date": "08-12-2020 13:15:00",
    "description": "Cisco released an advisory on the 4th of December regarding a vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software. It could allow an authenticated local attacker to cause a targeted AnyConnect user to execute a malicious script.",
    "url_title": "2020-058",
    "content_markdown": "---\ntitle: 'Cisco AnyConnect Secure\u00a0Mobility\u00a0Client\u00a0Vulnerability'\nversion: '1.0'\nnumber: '2020-058'\ndate: 'December 8, 2020'\n---\n\n# Summary\n\nCisco released an advisory on the 4th of December regarding a vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software. It could allow an authenticated local attacker to cause a targeted AnyConnect user to execute a malicious script.\n\n# Technical Details\n\nThe vulnerability was assigned *CVE-2020-3556* with a CVSS score of 7.3 [1].\n\nThe vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user.\n\n# Products Affected\n\nThis vulnerability affects all versions of the Cisco AnyConnect Secure Mobility Client Software for the following platforms if they have a vulnerable configuration:\n\n* AnyConnect Secure Mobility Client for Windows\n* AnyConnect Secure Mobility Client for MacOS\n* AnyConnect Secure Mobility Client for Linux\n\nThis vulnerability does not affect Cisco AnyConnect Secure Mobility Client for the Apple iOS and Android platforms.\n\n# Recommendations\n\nCisco will release free software updates that will address the vulnerability described in this advisory.\n\nCERT-EU recommends updating Cisco AnyConnect Secure Mobility Clients once an update is available.\n\n## Workarounds\n\nThe recommended workaround is to upgrade to *Release 4.9.04053* and edit the `AnyConnectLocalPolicy.xml` file to set `RestrictScriptWebDeploy` to **true**. Ensure that `BypassDownloader` is set to **false**. The new `AnyConnectLocalPolicy.xml` file would then be deployed to end machines using an out-of-band method of deployment.\n\nThere are additional configuration settings for Release 4.9.04053 and later that are strongly recommended to be set for increased protection [2].\n\n# References\n\n[1] <https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK/>\n\n[2] <https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html#Cisco_Reference.dita_79c2fd57-db64-4449-9072-26e62e46630b>\n",
    "content_html": "<h2 id=\"summary\">Summary</h2><p>Cisco released an advisory on the 4th of December regarding a vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software. It could allow an authenticated local attacker to cause a targeted AnyConnect user to execute a malicious script.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability was assigned <em>CVE-2020-3556</em> with a CVSS score of 7.3 [1].</p><p>The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user.</p><h2 id=\"products-affected\">Products Affected</h2><p>This vulnerability affects all versions of the Cisco AnyConnect Secure Mobility Client Software for the following platforms if they have a vulnerable configuration:</p><ul><li>AnyConnect Secure Mobility Client for Windows</li><li>AnyConnect Secure Mobility Client for MacOS</li><li>AnyConnect Secure Mobility Client for Linux</li></ul><p>This vulnerability does not affect Cisco AnyConnect Secure Mobility Client for the Apple iOS and Android platforms.</p><h2 id=\"recommendations\">Recommendations</h2><p>Cisco will release free software updates that will address the vulnerability described in this advisory.</p><p>CERT-EU recommends updating Cisco AnyConnect Secure Mobility Clients once an update is available.</p><h3 id=\"workarounds\">Workarounds</h3><p>The recommended workaround is to upgrade to <em>Release 4.9.04053</em> and edit the <code>AnyConnectLocalPolicy.xml</code> file to set <code>RestrictScriptWebDeploy</code> to <strong>true</strong>. Ensure that <code>BypassDownloader</code> is set to <strong>false</strong>. The new <code>AnyConnectLocalPolicy.xml</code> file would then be deployed to end machines using an out-of-band method of deployment.</p><p>There are additional configuration settings for Release 4.9.04053 and later that are strongly recommended to be set for increased protection [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK/\">https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html#Cisco_Reference.dita_79c2fd57-db64-4449-9072-26e62e46630b\">https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/release/notes/release-notes-anyconnect-4-9.html#Cisco_Reference.dita_79c2fd57-db64-4449-9072-26e62e46630b</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}