CVE-2020-3433
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
In short
A flaw in Cisco AnyConnect for Windows allows a local user who already has access to the system to trick the application into loading a malicious file and gain complete control of the computer. This is dangerous because it lets attackers run harmful code with the highest privileges.
Technical detail
The vulnerability exists in the IPC channel of Cisco AnyConnect for Windows due to insufficient validation of dynamically loaded resources. An authenticated local attacker can send a crafted IPC message to trigger DLL hijacking, resulting in arbitrary code execution with SYSTEM privileges. Exploitation requires valid Windows credentials and local system access.
Summary generated and translated by AI from the official description.
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Cisco · Cisco AnyConnect Secure Mobility Client
Public PoCs found — 2
github · github.com/goichot/CVE-2020-3433 · ★ 42 · cve_reference · packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.