Researchers released a PoC exploit for CVE-2023-20178 flaw in Cisco AnyConnect Secure
A proof-of-concept (PoC) exploit code for a high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure has been published online. The vulnerability, which has a CVSS score of 7.8, impacts Cisco AnyConnect Secure Mobility Client and Secure Client for Windows. An attacker can exploit the vulnerability to elevate privileges to those of the SYSTEM. Cisco has credited researcher Filip Dragovic for reporting the vulnerability, and the PoC has successfully worked on Secure Client version 5.0.01242 and AnyConnect Secure Mobility Client version 4.10.06079. Cisco's Product Security Incident Response Team (PSIRT) confirmed that they are not aware of any attacks in the wild exploiting this vulnerability. CVEs: CVE-2023-20178 [View Article](https://ciso2ciso.com/researchers-released-a-poc-exploit-for-cve-2023-20178-flaw-in-cisco-anyconnect-secure-source-securityaffairs-com/)