/>
X

Critical flaw in Cisco Secure Desktop

If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package.
ryan-naraine.jpg
Written by Ryan Naraine on

The Cisco Secure Desktop contains a vulnerable ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the user who is currently logged into the affected system, according to a warning from the networking vendor.

The company issued a patch alongside a warning that successful exploitation of this vulnerability could result in a "complete compromise of the affected system."

The details from Cisco's advisory:

A Cisco-signed ActiveX control that is used by Cisco Secure Desktop fails to properly verify the integrity of an executable file that is used by the Cisco Secure Desktop installation process. If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package. The package could contain a malicious executable file that executes with the privileges of the affected user. A successful exploit could result in a complete compromise of a vulnerable system.

The issue affects Cisco Secure Desktop versions prior to 3.5.841.

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
I loved driving the Hyundai Ioniq 5 and Kia EV6, and there's only one reason I can't buy one
img-1724

I loved driving the Hyundai Ioniq 5 and Kia EV6, and there's only one reason I can't buy one

Electric Vehicles
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones