CVE-2020-3153CISA KEV: Actively Exploited

Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability

Published Oct 24, 2022·Updated Oct 24, 2022

Description

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

Public Exploits & PoCs3 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free