exploitDog

CVE-2020-3153

Published: 19 Feb 2020
Source: nvd
CVSS3: 6.5
CVSS2: 4.9
EPSS: Medium

Description

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Vulnerable configurations

Configuration 1
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*
Versions before 4.8.02042 (exclusive)

EPSS

Percentile: 96%
0.25087
Medium

6.5 Medium

CVSS3

4.9 Medium

CVSS2

Weaknesses

CWE-427

Related vulnerabilities

CVSS3: 6.5
github
more than 3 years ago

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

CVSS3: 6.5
fstec
almost 6 years ago

A vulnerability in the installer of the Cisco AnyConnect Secure Mobility Client secure mobile access software for Windows operating systems that allows an attacker to copy arbitrary files to system-level directories
