CVE-2020-3556 | Cisco AnyConnectí§Òâ´úÂëÖ´ÐÐÎó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-11-05

0x00 Îó²î¸ÅÊö

CNVD   ID

CVE-2020-3556

ʱ    ¼ä

2020-11-05

Àà    ÐÍ

´úÂëÖ´ÐÐ

µÈ    ¼¶

¸ßΣ

Ô¶³ÌʹÓÃ

ÊÇ

Ó°Ïì¹æÄ£

AnyConnect¿Í»§¶Ë£ºLinux°æ±¾

MacOS°æ±¾

Windows°æ

 

0x01 Îó²îÏêÇé

 

image.png

2020Äê11ÔÂ04ÈÕ£¬£¬£¬CiscoÐû²¼Éæ¼°Æä¶à¸ö²úÆ·µÄ25¸öÇå¾²¸üУ¬£¬£¬ÆäÖÐÓÐ12¸öÎó²îÆÀ¼¶Îª¸ßΣ£¬£¬£¬13¸öÎó²îÆÀ¼¶ÎªÖÐΣ¡£¡£¡£¡£ ¡£

ÆäÖÐÖµµÃ×¢ÖصÄÊÇCisco AnyConnect Secure Mobility ClientÖеÄÒ»¸ö0dayÎó²î£¨CVE-2020-3556£©£¬£¬£¬ÆäCVSSÆÀ·Ö7.3¡£¡£¡£¡£ ¡£CiscoÒѾ­¹ûÕæÁË´ËÎó²îµÄPoC¡£¡£¡£¡£ ¡£

¸ÃÎó²îλÓÚCisco AnyConnect¿Í»§¶ËµÄÀú³Ì¼äͨѶ£¨IPC£©Í¨µÀÖУ¬£¬£¬ÓÉÓÚȱ·¦¶ÔIPCÕìÌýÆ÷µÄÉí·ÝÑéÖ¤£¬£¬£¬¹¥»÷Õß¿ÉÒÔ·¢ËͶñÒâIPCÐÂÎŵ½AnyConnect¿Í»§¶ËµÄIPCÕìÌýÆ÷À´¾ÙÐй¥»÷¡£¡£¡£¡£ ¡£ÀÖ³ÉʹÓôËÎó²î¿ÉÄܵ¼Ö¹¥»÷ÕßÓÕʹĿµÄAnyConnectÓû§Ö´ÐжñÒâ¾ç±¾¡£¡£¡£¡£ ¡£

CiscoÒÑÈ·ÈÏ´ËÎó²î²»»áÓ°ÏìApple iOSºÍAndroidÉϵÄCisco AnyConnect¿Í»§¶Ë¡£¡£¡£¡£ ¡£

0x02 ´¦Öóͷ£½¨Òé

¹Ù·½ÔÝδÐû²¼´ËÎó²îµÄ²¹¶¡¡£¡£¡£¡£ ¡£

»º½â²½·¥£º

½ûÓÃ×Ô¶¯¸üй¦Ð§¡£¡£¡£¡£ ¡£

²Î¿¼ÅþÁ¬£º

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/administration/guide/b_AnyConnect_Administrator_Guide_4-9/deploy-anyconnect.html?bookSearch=true#ID-1425-00000455

ÈôÊÇÎÞ·¨½ûÓÃ×Ô¶¯¸üй¦Ð§£¬£¬£¬Ôò½ûÓá°ÆôÓþ籾¡±ÉèÖᣡ£¡£¡£ ¡£

²Î¿¼Á´½Ó£º

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect49/administration/guide/b_AnyConnect_Administrator_Guide_4-9/anyconnect-profile-editor.html?bookSearch=true#ID-1430-000000c8


0x03 ²Î¿¼Á´½Ó

https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK

https://securityaffairs.co/wordpress/110414/security/zero-day-cisco-anyconnect-secure-mobility-client.html?


0x04 ʱ¼äÏß

2020-11-04  CiscoÐû²¼Ç徲ͨ¸æ

2020-11-05  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

 

 image.png