CVE-2020-3433 - Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
CVE-2020-3433
Cisco | AnyConnect Secure
- Date Added:
- 2022-10-24
- Due Date:
- 2022-11-14
- Vulnerability Name
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
- Description
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
- Known To Be Used in Ransomware Campaigns?
Known
- Action
Apply updates per vendor instructions.
- Additional Notes
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433
Free security scan for your website