Cisco Reveals Zero-Day VPN Bug Without a Fix

Cisco doesn’t yet have a fix for a zero-day vulnerability in the Linux, MacOS, and Windows versions of its virtual private network (VPN) software, AnyConnect Secure Mobility Client. While Cisco says it isn’t aware of any instances in which attackers have exploited the vulnerability, in a security advisory updated late Thursday, the vendor warned that a proof-of-concept exploit code is available, and this would make it significantly easier to take advantage of the flaw. The high-severity bug, CVE-2020-3556, earned a CVSS score of 7.3 and is an arbitrary code execution vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client software. It’s due to a lack of authentication to the IPC listener, and attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. If exploited, an attacker could execute a malicious script via the targeted AnyConnect user.