CVE-2020-3153

MEDIUM KEV RANSOMWARE

Cisco AnyConnect < - Path Traversal

Title source: llm

Description

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Exploits (4)

nomisec WORKING POC 106 stars
by goichot · poc
https://github.com/goichot/CVE-2020-3153
nomisec WORKING POC 5 stars
by shubham0d · local
https://github.com/shubham0d/CVE-2020-3153
nomisec WORKING POC
by raspberry-pie · local
https://github.com/raspberry-pie/CVE-2020-3153
metasploit WORKING POC EXCELLENT
by Yorick Koster, Antoine Goichot (ATGO), Christophe De La Fuente · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/anyconnect_lpe.rb

References (6)

Scores

CVSS v3 6.5
EPSS 0.2509
EPSS Percentile 96.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Exploitation Intel

CISA KEV 2022-10-24
VulnCheck KEV 2022-10-20
InTheWild.io 2022-10-24
ENISA EUVD EUVD-2020-24424
Ransomware Use Confirmed

Classification

CWE
CWE-427
Status published

Affected Products (1)

cisco/anyconnect_secure_mobility_client < 4.8.02042

Timeline

Published Feb 19, 2020
KEV Added Oct 24, 2022
Tracked Since Feb 18, 2026