CVE-2020-3153
- Reference to the description:
- Description:
- A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.
- Last updated date:
- 01/01/2022
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 10/24/2022
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/04/2020
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/19/2020
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/27/2021
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/01/2022
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/01/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/01/2022
- Reference url to background
http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/01/2022
- Reference url to background