// For flags

CVE-2020-3556

Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability

Severity Score

7.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability.

Una vulnerabilidad en el canal interprocess communication (IPC) de Cisco AnyConnect Secure Mobility Client Software, podría permitir a un atacante local autenticado causar que un usuario de AnyConnect apuntado ejecute un script malicioso. La vulnerabilidad es debido a una falta de autenticación del oyente de IPC. Un atacante podría explotar esta vulnerabilidad mediante el envío mensajes IPC diseñados a la escucha de IPC del cliente AnyConnect. Una explotación con éxito podría permitir a un atacante causar que el usuario apuntado de AnyConnect ejecute un script. Este script se ejecutaría con los privilegios del usuario de AnyConnect apuntado. Para explotar con éxito esta vulnerabilidad, debe haber una sesión AnyConnect en curso por parte del usuario apuntado en el momento del ataque. Para explotar esta vulnerabilidad, el atacante también podría necesitar credenciales de usuario válidas en el sistema en el esta siendo ejecutado el cliente AnyConnect. Cisco no ha publicado actualizaciones de software que abordan esta vulnerabilidad

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-12 CVE Reserved
  • 2020-11-06 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
 4.9\(3052\)
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.9\(3052\)"
-
Affected
Cisco
Search vendor "Cisco"
 Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
 98.145\(86\)
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "98.145\(86\)"
-
Affected