Cisco AnyConnect

Product
Developers: Cisco Systems
Last Release Date: 2020/11/05
Technology: Firewall

Main article: Firewall

2020: Disclosure of a vulnerability allowing code execution (CVE-2020-3556)

Cisco disclosed details of a code-execution vulnerability in its AnyConnect Secure Mobility Client. This became known on November 5, 2020.

A proof-of-concept (PoC) exploit for the vulnerability is already available, while Cisco is still working on a fix. According to the Cisco Product Security Incident Response Team (PSIRT), the vulnerability is not yet being used in attacks.

The issue, tracked as CVE-2020-3556, lies in the client's inter-process communication (IPC) channel and allows a local, authenticated attacker to make the targeted AnyConnect user run a malicious script with that user's privileges. The vulnerability exists because the IPC listener does not authenticate the processes that talk to it: to exploit it, an attacker sends specially crafted IPC messages to the IPC listener of a vulnerable AnyConnect client.

Exploitation requires an active AnyConnect session for the targeted user at the time of the attack. The attacker also needs valid user credentials on the system where the AnyConnect client is running.

The issue affects all versions of the AnyConnect client for Windows, Linux and macOS that run a vulnerable configuration; the mobile clients for iOS and Android are not affected. Exploitation is possible only when both the Auto Update option (enabled by default) and the Enable Scripting option (disabled by default) are turned on in the client.

Although no fix has been released yet, attacks exploiting CVE-2020-3556 can be prevented by disabling Auto Update (at the cost of clients no longer receiving client updates pushed from the VPN headend). Disabling Enable Scripting on systems where it is turned on also reduces the attack surface.
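As an added illustration of the mitigation check (this is example code written for this article, not Cisco's own tooling): the script below parses a locally stored AnyConnect client profile and flags the combination of settings the advisory describes as exploitable. The profile directories, the element names `AutoUpdate` and `EnableScripting` under `ClientInitialization`, and the embedded sample profiles are assumptions and constructed data, not taken from the advisory; verify them against the profiles in your own deployment.

```python
"""Audit Cisco AnyConnect client profiles for the CVE-2020-3556 exposure conditions.

Added example, not Cisco code. It parses the AnyConnectProfile XML that the
client keeps locally and reports the state of the two settings the advisory
names: AutoUpdate (on by default) and EnableScripting (off by default).
"""
import xml.etree.ElementTree as ET
from pathlib import Path

# Values the client applies when an element is absent from the profile,
# per the advisory: Auto Update on by default, Enable Scripting off by default.
DEFAULTS = {"AutoUpdate": True, "EnableScripting": False}

# Assumed locations of the client profile directory (adjust for your deployment).
PROFILE_DIRS = [
    Path(r"C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile"),
    Path("/opt/cisco/anyconnect/profile"),
]


def _local_name(tag):
    """Strip the namespace from an ElementTree tag ('{uri}Name' -> 'Name')."""
    return tag.rsplit("}", 1)[-1]


def read_settings(profile_xml):
    """Return {'AutoUpdate': bool, 'EnableScripting': bool} for one profile document."""
    data = profile_xml.encode() if isinstance(profile_xml, str) else profile_xml
    root = ET.fromstring(data)
    settings = dict(DEFAULTS)
    for element in root.iter():
        name = _local_name(element.tag)
        if name in settings:
            settings[name] = (element.text or "").strip().lower() == "true"
    return settings


def assess(profile_xml):
    """Classify a profile against the advisory's vulnerable configuration.

    The configuration is exploitable only when both Auto Update and Enable
    Scripting are on; the advisory's workaround is to turn Auto Update off,
    and turning Enable Scripting off also reduces the attack surface.
    """
    settings = read_settings(profile_xml)
    exposed = settings["AutoUpdate"] and settings["EnableScripting"]
    advice = []
    if settings["AutoUpdate"]:
        advice.append("disable AutoUpdate (primary workaround)")
    if settings["EnableScripting"]:
        advice.append("disable EnableScripting (reduces attack surface)")
    return {"settings": settings, "exposed": exposed, "advice": advice}


def scan_profile_dirs(dirs=PROFILE_DIRS):
    """Assess every *.xml profile found in the given directories (missing dirs are skipped)."""
    results = {}
    for directory in dirs:
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.xml")):
            try:
                results[str(path)] = assess(path.read_bytes())
            except ET.ParseError as exc:
                results[str(path)] = {"error": f"unparseable profile: {exc}"}
    return results


# Constructed sample profiles (assumed element layout, not from a real deployment).
SAMPLE_EXPOSED = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutoUpdate UserControllable="false">true</AutoUpdate>
    <EnableScripting UserControllable="false">true</EnableScripting>
  </ClientInitialization>
</AnyConnectProfile>"""

SAMPLE_DEFAULTS = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
  </ClientInitialization>
</AnyConnectProfile>"""

SAMPLE_MITIGATED = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutoUpdate UserControllable="false">false</AutoUpdate>
    <EnableScripting UserControllable="false">true</EnableScripting>
  </ClientInitialization>
</AnyConnectProfile>"""


if __name__ == "__main__":
    for label, xml in (("exposed", SAMPLE_EXPOSED), ("defaults", SAMPLE_DEFAULTS),
                       ("mitigated", SAMPLE_MITIGATED)):
        print(label, assess(xml))
    for path, result in scan_profile_dirs().items():
        print(path, result)
```

Note that a profile with neither element present still counts Auto Update as on, because that is the client default; only an explicit `false` for AutoUpdate (or EnableScripting left off) takes the profile out of the exploitable combination.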

The issue was discovered by Gerbert Roitburd of the Secure Mobile Networking Lab at the Technical University of Darmstadt, who reported it to Cisco[1].

2016: Cisco Umbrella Roaming

On August 3, 2016, Cisco announced the inclusion of the Umbrella Roaming module in AnyConnect.

Cisco Umbrella Roaming is a centralized cloud service that eliminates off-network "blind spots" and protects roaming employees wherever they are. The Umbrella Roaming module is built into the Cisco AnyConnect VPN client, so organizations can add a further layer of off-network protection that blocks connections to malicious websites without installing additional software agents.

Diagram of Cisco Umbrella Roaming interaction (2016)

2015: Cisco AnyConnect 4.2

On November 21, 2015, Cisco announced a release of the AnyConnect Secure Mobility Client supporting context-aware, comprehensive enforcement of security policies regardless of the physical location of endpoint devices.

The software was upgraded to version 4.2 and helps improve the security of corporate networks and endpoints and protect organizations' digital assets through enhanced visibility and control functions. The Network Visibility Module (NVM) helps analyze traffic for malware and unwanted activity and gives customers visibility into the network traffic of individual applications, something traditional flow-oriented network visibility solutions cannot provide.

Overview of the new version, Cisco AnyConnect 4.2 (2015)

The module collects data from endpoints (for example, laptops) both on the corporate premises and outside them, while recording context about users, applications, devices, location and the direction of data movement. NVM is available for Windows and OS X.

The various contextual data collected help organizations track user and endpoint activity, which is of great value in modern IT environments where the boundaries of the workspace cannot be precisely defined and application-level encryption greatly reduces the effectiveness of existing monitoring tools.

With AnyConnect NVM, information flows enriched with contextual data can be presented as standard records in the traditional flow-oriented format, which helps network and application security specialists with routine tasks such as application performance planning, troubleshooting and network activity analysis, as well as with detecting and protecting against advanced threats.

The extended security posture checking functions, available for Windows and OS X, ensure that endpoints connecting to an access point comply with the organization's regulatory requirements.

When used together with Cisco ISE, the AnyConnect ISE Posture module checks whether endpoint policies comply with the policies of the disk encryption services in use (for example, BitLocker, FileVault and others). This helps guarantee the security of corporate data stored on endpoints. Administrators can also apply additional file-check requirements to ensure support for specific corporate services.

Additional functions:

  • Support for the IPv6 protocol: additional IPv6 support (previously provided only for Windows/iOS) is now also available in public network environments where IPv4 addressing cannot be used.
  • Improved flexibility of captive portal handling: AnyConnect allows captive portal detection to be turned off, which can be useful for organizations that do not need this additional level of end-user notification.

2011: Cisco AnyConnect client telemetry for the global Cisco Security Intelligence Operations service

AnyConnect 3.0 adds real-time client threat telemetry to the Cisco Security Intelligence Operations service, raising the functionality of the installed base of network and content security devices (today more than 700 thousand) to a new level. Telemetry from existing Cisco services for e-mail, web, intrusion prevention, firewall and cloud security creates a powerful global context and supports "intelligent" security functions that guarantee fast and effective response to dangerous attacks of various kinds. There are now over 150 million AnyConnect and traditional VPN clients worldwide that will receive far more detailed threat data and "intelligent" response capabilities through the Cisco Security Intelligence Operations service.

Cisco AnyConnect 3.0 supports delivery of web security services through Cisco IronPort Web Security Appliances and also through Cisco ScanSafe, one of the industry's best cloud security services. Cisco customers can now use hybrid protection for mobile networks, placing the security systems where it suits them best (on their own premises or in the cloud).