Cisco AnyConnect¤ÈCisco Secure Client¤ÎÀȼåÀ­¡¢PoC¸ø³«¤Ç¥ê¥¹¥¯ÁýÂç

Cisco Systems¤Ï6·î7Æü(Êƹñ»þ´Ö)¤Ë¡ÖCisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability¡×¤Ë¤ª¤¤¤Æ¡ÖCisco AnyConnect Secure Mobility Client Software¡×¤È¡ÖCisco Secure Client Software¡×¤ËÀȼåÀ­¤¬Â¸ºß¤¹¤ë¤ÈÅÁ¤¨¤¿¡£

Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability

½¤ÀµÂоݤÎÀȼåÀ­¤Ï¡ÖCVE-2023-20178¡×¤È¤·¤ÆÆÃÄꤵ¤ì¡¢¤½¤Î¿¼¹ïÅ٤϶¦ÄÌÀȼåÀ­É¾²Á¥·¥¹¥Æ¥à(CVSS: Common Vulnerability Scoring System)¤Î¥¹¥³¥¢ÃÍ7.8¤Ç½ÅÍ×(High)¤Èɾ²Á¤µ¤ì¤Æ¤¤¤ë¡£±Æ¶Á¤ò¼õ¤±¤ë¤È¤µ¤ì¤ëÀ½Éʤϼ¡¤Î¤È¤ª¤ê¡£

Cisco AnyConnect Secure Mobility Client Software for Windows

Cisco Secure Client Software for Windows

ÀȼåÀ­¤Î¿¼¹ïÅ٤ϡֽÅÍ×(High)¡×¤Ç¤¢¤ê¡¢¶ÛµÞ(Critical)¤Ë¤ÏʬÎव¤ì¤Æ¤¤¤Ê¤¤¡£¤·¤«¤·¡¢¤³¤Î¤Û¤É¸¦µæ¼Ô¤Ë¤è¤Ã¤Æ³µÇ°¼Â¾Ú(PoC: Proof of Concept)¤¬¸ø³«¤µ¤ì¤¿¤³¤È¤Ç¾õ¶·¤¬ÊѤï¤Ã¤¿¡£

ÀȼåÀ­¡ÖCVE-2023-20178¡×¤ò°­ÍѤ·¤ÆǤ°Õ¤Î¥Õ¥¡¥¤¥ë¤òºï½ü¤¹¤ëPoC¤¬¡ÖWh04m1001/CVE-2023-20178¡×¤Ë¤ª¤¤¤Æ¸ø³«¤µ¤ì¤¿¡£¸ø³«¤µ¤ì¤¿PoC¤ÏÀȼåÀ­¤Î¸¦µæ¤ËÍøÍѤµ¤ì¤ë¤¬¡¢Æ±»þ¤Ë¡¢¥µ¥¤¥Ð¡¼ÈȺá¼Ô¤Ë¤è¤Ã¤Æ¤â°­ÍѤµ¤ì¤ë¡£PoC¤¬¸ø³«¤µ¤ì¤¿¤³¤È¤Ç¾õ¶·¤Ï¤è¤ê¥ê¥¹¥¯¤¬¹â¤¯¤Ê¤Ã¤Æ¤¤¤ë¡£³ºÅö¤¹¤ëÀ½Éʤò»ÈÍѤ·¤Æ¤¤¤ë¾ì¹ç¤Ï¤¿¤À¤Á¤Ë¥¢¥Ã¥×¥Ç¡¼¥È¤òŬÍѤ¹¤ë¤³¤È¤¬Ë¾¤Þ¤ì¤ë¡£