TU Darmstadt / ULB / TUbiblio

Very Pwnable Network: Cisco AnyConnect Security Analysis

Roitburd, Gerbert ; Ortmann, Matthias ; Hollick, Matthias ; Classen, Jiska (2021)
Very Pwnable Network: Cisco AnyConnect Security Analysis.
IEEE Conference on Communications and Network Security. virtual Conference (04.-06.10.2021)
doi: 10.1109/CNS53000.2021.9705023
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Corporate Virtual Private Networks (VPNs) enable users to work from home or while traveling. At the same time, VPNs are tied to a company’s network infrastructure, forcing users to install proprietary clients for network compatibility reasons. VPN clients run with high privileges to encrypt and reroute network traffic. Thus, bugs in VPN clients pose a substantial risk to their users and in turn the corporate network. Cisco, the dominating vendor of enterprise network hardware, offers VPN connectivity with their AnyConnect client for desktop and mobile devices. While past security research primarily focused on the AnyConnect Windows client, we show that Linux and iOS are based on different architectures and have distinct security issues. Our reverse engineering as well as the follow-up design analysis and fuzzing reveal 13 new vulnerabilities. Seven of these are located in the Linux client. The root cause for privilege escalations on Linux is anchored so deep in the client’s architecture that it only got patched with a partial workaround. A similar analysis on iOS uncovers three AnyConnect-specific bugs as well as three general issues in iOS network extensions, which apply to all kinds of VPNs and are not restricted to AnyConnect.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2021
Autor(en): Roitburd, Gerbert ; Ortmann, Matthias ; Hollick, Matthias ; Classen, Jiska
Art des Eintrags: Bibliographie
Titel: Very Pwnable Network: Cisco AnyConnect Security Analysis
Sprache: Englisch
Publikationsjahr: 7 Oktober 2021
Verlag: IEEE
Buchtitel: 2021 IEEE Conference on Communications and Network Security (CNS)
Veranstaltungstitel: IEEE Conference on Communications and Network Security
Veranstaltungsort: virtual Conference
Veranstaltungsdatum: 04.-06.10.2021
DOI: 10.1109/CNS53000.2021.9705023
Kurzbeschreibung (Abstract):

Corporate Virtual Private Networks (VPNs) enable users to work from home or while traveling. At the same time, VPNs are tied to a company’s network infrastructure, forcing users to install proprietary clients for network compatibility reasons. VPN clients run with high privileges to encrypt and reroute network traffic. Thus, bugs in VPN clients pose a substantial risk to their users and in turn the corporate network. Cisco, the dominating vendor of enterprise network hardware, offers VPN connectivity with their AnyConnect client for desktop and mobile devices. While past security research primarily focused on the AnyConnect Windows client, we show that Linux and iOS are based on different architectures and have distinct security issues. Our reverse engineering as well as the follow-up design analysis and fuzzing reveal 13 new vulnerabilities. Seven of these are located in the Linux client. The root cause for privilege escalations on Linux is anchored so deep in the client’s architecture that it only got patched with a partial workaround. A similar analysis on iOS uncovers three AnyConnect-specific bugs as well as three general issues in iOS network extensions, which apply to all kinds of VPNs and are not restricted to AnyConnect.

Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Sichere Mobile Netze
Hinterlegungsdatum: 16 Feb 2022 08:00
Letzte Änderung: 16 Feb 2022 08:00
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen