"Explore a step-by-step demonstration of the recent CVE-2023-20178, a privilege escalation vulnerability in Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows. We delve into how a low-privileged, authenticated, local attacker could exploit this vulnerability to gain SYSTEM privileges. We'll highlight the improper permissions assigned to a temporary directory created during the client update process and demonstrate how this can be exploited by abusing a specific function of the Windows installer process.
Note: This video is purely educational, designed to raise awareness and improve security measures. Cisco has already released free software updates addressing this vulnerability. Please ensure you're using a fixed software release, such as 4.10MR7 or 5.0MR2, for the respective software."