⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply updates per vendor instructions.. Due date: 2022-11-14.

CVE-2020-3153

CWE-4278 documents8 sources
Severity
6.5MEDIUM
EPSS
25.1%
top 3.82%
CISA KEV
KEVRansomware
Added 2022-10-24
Due 2022-11-14
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Cisco Cisco Anyconnect Secure Mobility ClientCisco Anyconnect Secure Mobility Client
Timeline
PublishedFeb 19
KEV addedOct 24
KEV dueNov 14
CISA Required Action: Apply updates per vendor instructions.

Description

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_anyconnect_secure_mobility_clientunspecifiedn/a

🔴Vulnerability Details

3
GHSA
GHSA-xpxv-rfwh-rcfc: A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy2022-05-24
CVEList
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability2020-02-19
VulnCheck
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability2020

💥Exploits & PoCs

1
Metasploit
Cisco AnyConnect Privilege Escalations (CVE-2020-3153 and CVE-2020-3433)

🔍Detection Rules

1
Suricata
ET EXPLOIT Cisco AnyConnect Path Traversal Priv Esc (CVE-2020-3153)2020-06-10

📋Vendor Advisories

2
CISA
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability2022-10-24
Cisco
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability2020-02-19
CVE-2020-3153 (MEDIUM CVSS 6.5) | A vulnerability in the installer co | cvebase.io