A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local malicious user to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the malicious user to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco anyconnect secure mobility client |
Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Make sure you're patched – and update VMware Cloud Foundation, too, by the way
Cisco says miscreants are exploiting two vulnerabilities in its AnyConnect Secure Mobility Client for Windows, which is supposed to ensure safe VPN access for remote workers. One of the pair of flaws, tracked as CVE-2020-3433, is a privilege-escalation issue: an authenticated, local user can exploit AnyConnect to execute code with SYSTEM-level privileges. A rogue insider or malware on a PC can use this to gain total control over the system. It affects Cisco AnyConnect Secure Mobility Client for ...