CVE-2020-3433
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
CVSS
—
No CVSS
EPSS
10.0%
p95
KEV
YES
Oct 24, 2022
Exploit Today
79
0-100
Published: — · Last modified: —
Product
Cisco / AnyConnect Secure
Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Added to KEV
Oct 24, 2022
Remediate by
Nov 14, 2022
Known ransomware use
Yes
Summary description
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
Required action
Apply updates per vendor instructions.
Notes
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433