Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited

Cisco warns of active exploitation attempts targeting two vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows.

Cisco is warning of exploitation attempts targeting two security flaws, tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), in the Cisco AnyConnect Secure Mobility Client for Windows. Both vulnerabilities are dated 2020 and are now patched.

The CVE-2020-3153 flaw resides in the installer component of AnyConnect Secure Mobility Client for Windows, an authenticated local attacker can exploit the flaw to copy user-supplied files to system level directories with system level privileges.

The CVE-2020-3433 vulnerability resides in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows. An authenticated, local attacker can exploit the issue to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

The alert follows the decision of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the two CISCO flaws to its Known Exploited Vulnerabilities catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to address both CISCO vulnerabilities by November 14, 2022.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cisco)

[adrotate banner=”5″]

[adrotate banner=”13″]