Cisco AnyConnect Windows - CVE-2020-3433 et CVE-2020-3153

Two security vulnerabilities exploited in Cisco AnyConnect!

Cisco has released a new security alert about two security vulnerabilities located in the Cisco AnyConnect Secure Mobility Client for Windows. The bad news is that these vulnerabilities are being exploited in attacks.

As a reminder, the Cisco AnyConnect Secure Mobility software is a VPN client for Windows that allows you to connect to your company’s network remotely, through an IPsec or SSL VPN.

The two vulnerabilities mentioned in the Cisco security bulletins are associated with the following references: CVE-2020-3433 et CVE-2020-3153. It is two vulnerabilities discovered and fixed in 2020but Cisco has just updated the alert bulletins.

By exploiting these flaws, an attacker acting locally on the machine can perform a “DLL hijacking” attack and replacing system fileswhich ultimately allows it to jeopardize the machine while benefiting froms privilèges SYSTEM.

However, to achieve this attack, you must be authenticated on the machine. It’s well specified.”an authenticated local attacker” every time, on the Cisco site. This reduces the risk. Nevertheless, it turns out that these vulnerabilities can be coupled with Windows security flaws that allow privilege escalation. There are even PoC exploits.

Why have the security bulletins been updated?

Well, it turns out that Cisco has been informed of new attempts to exploit these vulnerabilities during the month of October 2022. As a result, the American company encourages its customers to update Cisco AnyConnect software if they are using a vulnerable version.

Moreover, at the same time, the American agency CISA added these two flaws to its famous catalog of vulnerabilities currently being exploited in attacks.

How to protect yourself?

As I said, you need to update the Cisco AnyConnect software on your Windows machines. Maybe it’s already been done for a long time on your machines….

To give you reference in terms of version number, here is what we can read on the Cisco site:

  • CVE-2020-3153 : This vulnerability affects the Client for Windows in versions prior to 4.8.02042.
  • CVE-2020-3433 : This vulnerability affects Client for Windows in versions prior to version 4.9.00086.

Note that Cisco AnyConnect clients for macOS, Linux, etc. are not affected. Here it is Windows version only.



#security #vulnerabilities #exploited #Cisco #AnyConnect

Leave a Comment

Your email address will not be published. Required fields are marked *