← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-3153 — Actively Exploited: AnyConnect Secure (Cisco)

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

CVE IDCVE-2020-3153
VendorCisco
ProductAnyConnect Secure
Vulnerability nameCisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Date added2022-10-24
Remediation due2022-11-14
Known ransomware useKnown
Required actionApply updates per vendor instructions.
DescriptionCisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →