Show plain JSON{"containers": {"cna": {"affected": [{"product": "Cisco AnyConnect Secure Mobility Client", "vendor": "Cisco", "versions": [{"lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "CWE-427", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-09-30T18:06:16", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200219 Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj"}, {"name": "20200421 Cisco AnyConnect elevation of privileges due to insecure handling of path names", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2020/Apr/43"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/157340/Cisco-AnyConnect-Secure-Mobility-Client-4.8.01090-Privilege-Escalation.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html"}], "source": {"advisory": "cisco-sa-ac-win-path-traverse-qO4HWBsj", "defect": [["CSCvs46327"]], "discovery": "INTERNAL"}, "title": "Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-19T16:00:00-0800", "ID": "CVE-2020-3153", "STATE": "PUBLIC", "TITLE": "Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AnyConnect Secure Mobility Client", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "6.5", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-427"}]}]}, "references": {"reference_data": [{"name": "20200219 Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj"}, {"name": "20200421 Cisco AnyConnect elevation of privileges due to insecure handling of path names", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2020/Apr/43"}, {"name": "http://packetstormsecurity.com/files/157340/Cisco-AnyConnect-Secure-Mobility-Client-4.8.01090-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/157340/Cisco-AnyConnect-Secure-Mobility-Client-4.8.01090-Privilege-Escalation.html"}, {"name": "http://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.html"}, {"name": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html"}]}, "source": {"advisory": "cisco-sa-ac-win-path-traverse-qO4HWBsj", "defect": [["CSCvs46327"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:24:00.700Z"}, "title": "CVE Program Container", "references": [{"name": "20200219 Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj"}, {"name": "20200421 Cisco AnyConnect elevation of privileges due to insecure handling of path names", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2020/Apr/43"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/157340/Cisco-AnyConnect-Secure-Mobility-Client-4.8.01090-Privilege-Escalation.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-08T16:11:49.145209Z", "id": "CVE-2020-3153", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-10-24", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3153"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-08T16:12:04.675Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3153", "datePublished": "2020-02-19T19:15:53.412807Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-08T16:12:04.675Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}