CVE-2020-3153 - Vulnerability Details

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

This CVE is in the KEV database since Oct. 24, 2022.

Exploitation active

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Anyconnect Secure Mobility Client

Configuration 1 [-]

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/157340/Cisco-AnyConnect-Secure-Mobility-Client-4.8.01090-Privilege-Escalation.html
http://packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-Escalation.html
http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html
http://seclists.org/fulldisclosure/2020/Apr/43
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj

History

Fri, 08 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-10-24'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-02-19T19:15:53.412807Z

Updated: 2024-11-08T16:12:04.675Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3153

Vulnrichment

Updated: 2024-08-04T07:24:00.700Z

NVD

Status : Modified

Published: 2020-02-19T20:15:15.113

Modified: 2024-11-21T05:30:26.193

Link: CVE-2020-3153

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Complete

Availability Impact None

Exploitation active

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object