A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
History

Fri, 08 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-10-24'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-08-17T18:01:06.828310Z

Updated: 2024-11-08T16:10:43.131Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3433

cve-icon Vulnrichment

Updated: 2024-08-04T07:37:54.304Z

cve-icon NVD

Status : Analyzed

Published: 2020-08-17T18:15:12.947

Modified: 2024-06-28T13:56:43.943

Link: CVE-2020-3433

cve-icon Redhat

No data.