CVE-2020-3433 — Actively Exploited: AnyConnect Secure (Cisco)
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
| CVE ID | CVE-2020-3433 |
|---|---|
| Vendor | Cisco |
| Product | AnyConnect Secure |
| Vulnerability name | Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability |
| Date added | 2022-10-24 |
| Remediation due | 2022-11-14 |
| Known ransomware use | Known |
| Required action | Apply updates per vendor instructions. |
| Description | Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →