Corporate Virtual Private Networks (VPNs) enable users to work from home or while traveling. At the same time, VPNs are tied to a company's network infrastructure, forcing users to install proprietary clients for network compatibility reasons. VPN clients run with high privileges to encrypt and reroute network traffic. Thus, bugs in VPN clients pose a substantial risk to their users and in turn the corporate network. Cisco, the dominating vendor of enterprise network hardware, offers VPN connectivity with their AnyConnect client for desktop and mobile devices. While past security research primarily focused on the AnyConnect Windows client, we show that Linux and iOS are based on different architectures and have distinct security issues. Our reverse engineering as well as the follow-up design analysis and fuzzing reveal 13 new vulnerabilities. Seven of these are located in the Linux client. The root cause for privilege escalations on Linux is anchored so deep in the client's architecture that it only got patched with a partial workaround. A similar analysis on iOS uncovers three AnyConnect-specific bugs as well as three general issues in iOS network extensions, which apply to all kinds of VPNs and are not restricted to AnyConnect.