Corporate Virtual Private Networks (VPNs) enable users to work from home or
while traveling. At the same time, VPNs are tied to a company’s network
infrastructure, forcing users to install proprietary clients for network
compatibility reasons. VPN clients run with high privileges to encrypt and
reroute network traffic. Thus, bugs in VPN clients pose a substantial risk to
their users and in turn the corporate network. Cisco, the dominating vendor of
enterprise network hardware, offers VPN connectivity with their AnyConnect
client for desktop and mobile devices. While past security research primarily
focused on the AnyConnect Windows client, we show that Linux and iOS are based
on different architectures and have distinct security issues. Our reverse
engineering as well as the follow-up design analysis and fuzzing reveal 13 new
vulnerabilities. Seven of these are located in the Linux client. The root cause
for privilege escalations on Linux is anchored so deep in the client’s
architecture that it only got patched with a partial workaround. A similar
analysis on iOS uncovers three AnyConnect-specific bugs as well as three
general issues in iOS network extensions, which apply to all kinds of VPNs and
are not restricted to AnyConnect.

Go to Source of this post
Author Of this post: <a href="http://arxiv.org/find/cs/1/au:+Roitburd_G/0/1/0/all/0/1">Gerbert Roitburd</a>, <a href="http://arxiv.org/find/cs/1/au:+Ortmann_M/0/1/0/all/0/1">Matthias Ortmann</a>, <a href="http://arxiv.org/find/cs/1/au:+Hollick_M/0/1/0/all/0/1">Matthias Hollick</a>, <a href="http://arxiv.org/find/cs/1/au:+Classen_J/0/1/0/all/0/1">Jiska Classen</a>

By admin