Description
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
Exploits (4)
metasploit
WORKING POC
EXCELLENT
by Yorick Koster, Antoine Goichot (ATGO), Christophe De La Fuente · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/anyconnect_lpe.rb
References (6)
Scores
CVSS v3
6.5
EPSS
0.2509
EPSS Percentile
96.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2022-10-24
VulnCheck KEV
2022-10-20
InTheWild.io
2022-10-24
ENISA EUVD
EUVD-2020-24424
Ransomware Use
Confirmed
CWE
CWE-427
Status
published
Products (1)
cisco/anyconnect_secure_mobility_client
< 4.8.02042
Published
Feb 19, 2020
KEV Added
Oct 24, 2022
Tracked Since
Feb 18, 2026