CVE-2020-3433
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 12, 2019
- Published Date
- August 17, 2020
- Last Updated
- November 08, 2024
- Vendor
- Cisco
- Product
- Cisco AnyConnect Secure Mobility Client
- Description
- A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
CVSS Scores
CVSS v3.1
7.8 - HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SSVC Information
- Exploitation
- active
- Technical Impact
- total
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-10-24 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/local/anyconnect_lpe.rb | 2025-04-29 11:01:40 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
anyconnect_lpe
Type: metasploit • Created: Unknown
Metasploit module for CVE-2020-3433
goichot/CVE-2020-3433
Type: github • Created: 2020-09-25 20:53:48 UTC • Stars: 43
PoCs and technical analysis of three vulnerabilities found on Cisco AnyConnect for Windows: CVE-2020-3433, CVE-2020-3434 and CVE-2020-3435