CVE-2020-3433
HIGH KEV RANSOMWARE
Cisco AnyConnect Secure Mobility Client for Windows - DLL Hijacking
Title source: llm
Description
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges.
Exploits (1)
References (3)
Scores
CVSS v3
7.8
EPSS
0.0446
EPSS Percentile
88.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Intel
CISA KEV
2022-10-24
VulnCheck KEV
2022-10-20
InTheWild.io
2022-10-24
ENISA EUVD
EUVD-2020-24704
Ransomware Use
Confirmed
Classification
CWE
CWE-427
Status
published
Affected Products (1)
cisco/anyconnect_secure_mobility_client
< 4.9.00086
Timeline
Published
Aug 17, 2020
KEV Added
Oct 24, 2022
Tracked Since
Feb 18, 2026