Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2020-3153

Published: 19/02/2020 Updated: 01/01/2022
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.5 | Impact Score: 4 | Exploitability Score: 2
VMScore: 437
Vector: AV:L/AC:L/Au:N/C:N/I:C/A:N
Subscribe to Cisco

Vulnerability Summary

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local malicious user to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the malicious user to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco anyconnect secure mobility client

Vendor Advisories

Cisco: Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges The vulnerability is due to the incorrect handling of directory paths An attacker could exploit this vulnerability by cre ...

Exploits

Exploit DB: Cisco AnyConnect Privilege Escalation
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4802042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4900086 is vulnerable to ...
Exploit DB: Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation
Cisco AnyConnect Secure Mobility Client for Windows version 4801090 suffer from a privilege escalation vulnerability due to insecure handling of path names ...

Github Repositories

https://github.com/goichot/CVE-2020-3153

Cisco AnyConnect < 4.8.02042 privilege escalation through path traversal

CVE-2020-3153 Cisco AnyConnect &lt; 4802042 privilege escalation through path traversal Description The auto-update feature of Cisco AnyConnect is affected by a path traversal vulnerability An attacker can exploit this vulnerability to gain system level privileges For more details, please refer to: the original advisory SSD Advisory my notes Exploit This exploit uses

https://github.com/srozb/anypwn

Pwn any Anyconnect (except those patched).

AnyPwn Pwn any Anyconnect (except those patched) This repo summarizes the fun I had playing with Cisco Anyconnect VPN Mobility Client It's more like a framework to craft malicious CIPC messages and fuzz the vpnserviceexe Hope to get back to this one day My take on CVE-2020-3153 implements a slight difference in payload to evade Symantec HIPS Exploits implemented so f

https://github.com/shubham0d/CVE-2020-3153

POC code for CVE-2020-3153 - Cisco anyconnect path traversal vulnerability

CVE-2020-3153 POC code for CVE-2020-3153 - Cisco anyconnect path traversal vulnerability Read more about the vulnerability here: ssd-disclosurecom/ssd-advisory-cisco-anyconnect-privilege-elevation-through-path-traversal/ Steps to follow to get Windows shell on desktop with SYSTEM privilege: In file class1cs, Change the Username string to your user account directory i

https://github.com/raspberry-pie/CVE-2020-3153

PoC for CVE-2020-3153 Cisco AnyConnect Secure Mobility Client EoP

CVE-2020-3153 Cisco AnyConnect Secure Mobility Client EoP PoC Thanks to Yorick Koster for publishing details This is a proof of concept for a path traversal vulnerability in Cisco AnyConnect Secure Mobility Client Tested with Windows 7 and Windows 10 and AnyConnect version 45x and 46x For version 4704x and 48x you need to run anypoc_47exe Copy the files from anyco

Recent Articles

Cisco AnyConnect Windows client under active attack
The Register

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Make sure you're patched – and update VMware Cloud Foundation, too, by the way

Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers. One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code with SYSTEM-level privileges. A rogue insider or malware on a PC can use this to gain total control over the system. It affects Cisco AnyConnect Secure Mobility Client for ...

Read more...

References

CWE-427https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsjhttp://seclists.org/fulldisclosure/2020/Apr/43http://packetstormsecurity.com/files/157340/Cisco-AnyConnect-Secure-Mobility-Client-4.8.01090-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.htmlhttps://nvd.nist.govhttps://github.com/goichot/CVE-2020-3153https://www.theregister.co.uk/2022/10/26/cisco_vpn_bugs_exploited/https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook