Cisco has fixed a highly severe flaw in its business VPN – so patch now – 2023-06-08 14:00:37 – Source link

Cisco released a patch for a high-severity flaw that was plaguing its Cisco Secure Client. The flaw, tracked as CVE-2023-20178, allowed threat actors elevate account privileges and tamper with the system on the admin level. No interaction on the victim’s side was necessary.

“This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the upgrade process,” Cisco said in its security advisory published with the patch. “An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process.”

Source link

Add a Comment