CVE-2020-3433
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
CVSS
—
Sin CVSS
EPSS
10.0%
p95
KEV
SÍ
24 oct 2022
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
Cisco / AnyConnect Secure
Vulnerabilidad
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Añadido a KEV
24 oct 2022
Remediar antes de
14 nov 2022
Uso conocido en ransomware
Sí
Descripción resumida
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
Acción requerida
Apply updates per vendor instructions.
Notas
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433