CVE-2020-3433
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
Una vulnerabilidad en el canal de comunicación entre procesos (IPC) de Cisco AnyConnect Secure Mobility Client para Windows podría permitir a un atacante local autenticado llevar a cabo un ataque de secuestro de DLL. Para explotar esta vulnerabilidad, el atacante debería tener credenciales válidas en el sistema Windows. La vulnerabilidad es debido a una comprobación insuficiente de los recursos que son cargados por la aplicación en el tiempo de ejecución. Un atacante podría explotar esta vulnerabilidad mediante el envío de un mensaje IPC diseñado al proceso AnyConnect. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario en la máquina afectada con privilegios SYSTEM. Para explotar esta vulnerabilidad, el atacante podría necesitar credenciales válidas en el sistema Windows.
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.9.00086 is vulnerable to a DLL hijacking and allows local attackers to execute code on the affected machine with with system level privileges. Both attacks consist in sending a specially crafted IPC request to the TCP port 62522 on the loopback device, which is exposed by the Cisco AnyConnect Secure Mobility Agent service.
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2019-12-12 CVE Reserved
- 2020-08-17 CVE Published
- 2020-09-25 First Exploit
- 2022-10-24 Exploited in Wild
- 2022-11-14 KEV Due Date
- 2023-03-08 EPSS Updated
- 2024-11-08 CVE Updated
CWE
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (5)
| URL | Date | SRC |
|---|---|---|
| https://github.com/goichot/CVE-2020-3433 | 2020-09-25 | |
| http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html | 2024-11-08 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" | < 4.9.00086 Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version " < 4.9.00086" | windows |
Affected
| ||||||