CVE-2020-3153
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
CVSS
—
Sin CVSS
EPSS
28.3%
p98
KEV
SÍ
24 oct 2022
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Cisco / AnyConnect Secure
Vulnerabilidad
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Añadido a KEV
24 oct 2022
Remediar antes de
14 nov 2022
Uso conocido en ransomware
Sí
Descripción resumida
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.
Acción requerida
Apply updates per vendor instructions.
Notas
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj; https://nvd.nist.gov/vuln/detail/CVE-2020-3153