CVE-2020-27123

MEDIUM

Cisco AnyConnect Secure Mobility Client for Windows - Info Disclosure

Title source: llm

Description

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-file-read-LsvDD6Uh

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-749

Status published

Products (1)

cisco/anyconnect_secure_mobility_client < 4.9.03047

Published Nov 06, 2020

Tracked Since Feb 18, 2026