ALERT (11/6/20, 1 p.m. EST) Recommended Actions to Contain Vulnerability in Cisco AnyConnect VPN Platform

November 6, 2020

A vulnerability has recently been disclosed in the Cisco AnyConnect VPN platform that could allow an attacker to execute malicious code/scripts via a targeted user. Cisco has also advised that proof-of-concept exploit code is already publicly available.

While security updates are not yet available for this vulnerability, Cisco is working on addressing the zero-day, with a fix coming in a future AnyConnect client release.

The following actions should be taken immediately:

1. A vulnerable configuration requires both the Auto Update setting and Enable Scripting setting to be enabled. Auto Update is enabled by default, and Enable Scripting is disabled by default.

2. At a minimum, the Enable Scripting feature should be disabled as a temporary mitigation, though both settings can be disabled temporarily to further reduce the attack surface.

To check these settings on the Adaptive Security Appliance (ASA), go to Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile. Additional details can be found in the AnyConnect Profile Editor chapter in the Cisco AnyConnect Secure Mobility Client Administrator Guide.
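The same two settings can also be checked in a profile XML file. The script below is an added example, not Cisco's or this alert's own code. It assumes the profile stores the settings as `AutoUpdate` and `EnableScripting` elements with `true`/`false` text; the function names and sample profiles are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as stated in the advisory: Auto Update on, Enable Scripting off.
DEFAULTS = {"AutoUpdate": True, "EnableScripting": False}

def read_settings(profile_xml):
    """Return the effective AutoUpdate / EnableScripting values of one profile."""
    settings = dict(DEFAULTS)
    for elem in ET.fromstring(profile_xml).iter():
        name = elem.tag.rsplit("}", 1)[-1]          # drop any XML namespace
        value = (elem.text or "").strip().lower()   # child elements may follow the text
        if name in settings and value in ("true", "false"):
            settings[name] = value == "true"
    return settings

def assess(profile_xml):
    """Classify a profile against the advisory's two conditions."""
    s = read_settings(profile_xml)
    if s["AutoUpdate"] and s["EnableScripting"]:
        return "vulnerable"   # both settings on: the configuration the advisory describes
    if s["EnableScripting"]:
        return "review"       # scripting is still on; the advisory says to disable it
    if s["AutoUpdate"]:
        return "mitigated"    # minimum mitigation: scripting off
    return "hardened"         # both off: further reduced attack surface

def sample(auto_update=None, scripting=None):
    """Build a constructed sample profile (assumed element layout, not a real deployment)."""
    parts = []
    if auto_update is not None:
        parts.append(f'<AutoUpdate UserControllable="false">{auto_update}</AutoUpdate>')
    if scripting is not None:
        parts.append(f'<EnableScripting UserControllable="false">{scripting}\n'
                     '  <TerminateScriptOnNextEvent>false</TerminateScriptOnNextEvent>\n'
                     '</EnableScripting>')
    return ('<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">'
            '<ClientInitialization>' + "".join(parts) +
            '</ClientInitialization></AnyConnectProfile>')

if __name__ == "__main__":
    for label, doc in [("both enabled", sample("true", "true")),
                       ("defaults only", sample()),
                       ("scripting off", sample("true", "false")),
                       ("both off", sample("false", "false"))]:
        print(f"{label:14} -> {assess(doc)}")
```

A profile that omits either element is evaluated with the defaults listed above, so a profile containing only an enabled `EnableScripting` element is still reported as vulnerable.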

Useful links for further reading on this vulnerability:
https://www.bleepingcomputer.com/news/security/cisco-discloses-anyconnect-vpn-zero-day-exploit-code-available/

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK

Questions? Contact your CPP representative for more information. Stay safe out there…