CVE-2020-3556: 
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2020-3556) was discovered in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software. The vulnerability affects Windows, macOS, and Linux versions of the software, with a CVSS score of 7.3 out of 10. The flaw was disclosed on November 4, 2020, and proof-of-concept exploit code was publicly available at the time of disclosure (Threatpost, BleepingComputer).

The vulnerability exists in the interprocess communication (IPC) channel of the AnyConnect client, specifically due to a lack of authentication in the IPC listener. An authenticated attacker with local network access could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploitation requires both the Auto Update setting (enabled by default) and Enable Scripting setting (disabled by default) to be enabled, along with an active AnyConnect session by the targeted user (BleepingComputer).

A successful exploit could allow an authenticated attacker to cause a targeted AnyConnect user to execute a malicious script with the privileges of the targeted user. The attacker would need valid user credentials on the system where the AnyConnect client is running (Threatpost).

While no direct patch was initially available, the vulnerability can be mitigated by disabling the Auto Update feature and ensuring the Enable Scripting configuration setting is turned off on affected devices. Cisco planned to address this vulnerability in a future release of the AnyConnect Secure Mobility Client Software (BleepingComputer).