medium
5.5
CWE
20
Advisory Published

cisco-sa-anyconnect-profile-7u3PERKF: Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability

First published: Wed Aug 05 2020(Updated: )

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-profile-7u3PERKF

Credit: Antoine Goichot PwC Luxembourg's Cybersecurity team

Affected SoftwareAffected VersionHow to fix
Cisco AnyConnect Secure

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the severity of cisco-sa-anyconnect-profile-7u3PERKF?

    The vulnerability cisco-sa-anyconnect-profile-7u3PERKF is classified as high severity due to the potential for authenticated local attackers to overwrite VPN profiles.

  • How do I fix cisco-sa-anyconnect-profile-7u3PERKF?

    To remediate the vulnerability cisco-sa-anyconnect-profile-7u3PERKF, upgrade to the latest version of Cisco AnyConnect Secure Mobility Client that addresses this issue.

  • What are the potential impacts of cisco-sa-anyconnect-profile-7u3PERKF?

    Exploitation of cisco-sa-anyconnect-profile-7u3PERKF could lead to unauthorized modifications of VPN profiles, impacting the integrity of the VPN setup.

  • Who is affected by cisco-sa-anyconnect-profile-7u3PERKF?

    The vulnerability cisco-sa-anyconnect-profile-7u3PERKF affects users operating the Cisco AnyConnect Secure Mobility Client on Windows.

  • What conditions are necessary to exploit cisco-sa-anyconnect-profile-7u3PERKF?

    An attacker must be authenticated and local to the device running the affected version of Cisco AnyConnect to exploit the cisco-sa-anyconnect-profile-7u3PERKF vulnerability.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203