CISA adds Cisco AnyConnect vulnerabilities to the Known Exploited Vulnerabilities Catalog
Target Industry
Indiscriminate, opportunistic targeting.
Overview
CVE-2020-3433 Severity level: High – Successful exploitation of this vulnerability would allow a local, authenticated threat actor to escalate to SYSTEM-level privileges by causing the AnyConnect client to load an attacker-controlled DLL (a DLL hijacking attack).
CVE-2020-3153 Severity level: Medium – Successful exploitation of this vulnerability could allow a local, authenticated threat actor to copy user-supplied files into sensitive system directories with SYSTEM-level privileges.
Although CVE-2020-3433 and CVE-2020-3153 are older vulnerabilities, they have been added to the CISA Known Exploited Vulnerabilities Catalog because they have been observed being exploited by threat actors in recent attacks.
Impact
Both vulnerabilities require local, authenticated access: a threat actor needs valid user credentials on the vulnerable Windows host, or an existing low-privilege foothold on it. Successful exploitation gives the attacker code execution with SYSTEM-level privileges, which is sufficient to fully compromise the host and to place additional tooling in protected system directories to maintain access.
Vulnerability Detection
Detection is by version check. Compare the installed Cisco AnyConnect Secure Mobility Client for Windows release against the fixed releases: any release earlier than 4.9.00086 is vulnerable to CVE-2020-3433, and any release earlier than 4.8.02042 is vulnerable to CVE-2020-3153. Hosts running 4.8.02042 up to (but not including) 4.9.00086 are therefore still exposed to CVE-2020-3433.
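The following PowerShell script is an added example for performing that version check on a Windows host; it is not taken from Cisco's advisories or from the original page. It reads the client version from the standard Uninstall registry keys (both 32-bit and 64-bit views) and, failing that, from the file version of vpnui.exe in the default install directory. The registry display name and the vpnui.exe path are assumptions based on a default installation; adjust them if the client is installed elsewhere. The fixed release numbers are those stated above.

```powershell
# Added example (not from the original page or Cisco's advisories).
# Checks the installed Cisco AnyConnect Secure Mobility Client for Windows
# against the fixed releases for CVE-2020-3433 and CVE-2020-3153.
# Run from an elevated PowerShell prompt on the host being checked.

$fixedVersions = @{
    'CVE-2020-3433' = [version]'4.9.00086'   # DLL hijacking, fixed in 4.9.00086
    'CVE-2020-3153' = [version]'4.8.02042'   # installer file copy, fixed in 4.8.02042
}

function Get-AnyConnectVersion {
    # Assumption: the client registers itself under the standard Uninstall keys
    # with a DisplayName beginning "Cisco AnyConnect Secure Mobility Client".
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Cisco AnyConnect Secure Mobility Client*' } |
        Select-Object -First 1
    if ($entry -and $entry.DisplayVersion) {
        return [version]$entry.DisplayVersion
    }

    # Fallback: file version of the client UI binary.
    # Assumption: default install path under Program Files (x86).
    $exe = Join-Path ${env:ProgramFiles(x86)} 'Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe'
    if (Test-Path $exe) {
        return [version](Get-Item $exe).VersionInfo.ProductVersion
    }
    return $null
}

function Test-AnyConnectExposure {
    param([Parameter(Mandatory)][version]$Installed)
    # Emit one row per CVE so the output can be collected across a fleet.
    foreach ($cve in ($fixedVersions.Keys | Sort-Object)) {
        $fixedIn = $fixedVersions[$cve]
        [pscustomobject]@{
            Computer  = $env:COMPUTERNAME
            CVE       = $cve
            Installed = $Installed
            FixedIn   = $fixedIn
            Status    = if ($Installed -lt $fixedIn) { 'VULNERABLE' } else { 'fixed' }
        }
    }
}

$installed = Get-AnyConnectVersion
if (-not $installed) {
    Write-Output "$($env:COMPUTERNAME): Cisco AnyConnect Secure Mobility Client not found."
} else {
    Test-AnyConnectExposure -Installed $installed | Format-Table -AutoSize
}
```

Because [version] compares each dotted component numerically, a release such as 4.8.03036 is correctly reported as fixed for CVE-2020-3153 but VULNERABLE for CVE-2020-3433, matching the version boundaries above. Wrap the script in Invoke-Command or your endpoint management tooling to run it across all Windows VPN clients and collect the per-host rows.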
Affected Products
CVE-2020-3433: Cisco AnyConnect Secure Mobility Client for Windows releases earlier than Release 4.9.00086. CVE-2020-3153: Cisco AnyConnect Secure Mobility Client for Windows releases earlier than 4.8.02042.
Containment, Mitigations & Remediations
Apply all available software patches for Cisco AnyConnect Secure Mobility Client for Windows. Upgrading to Release 4.9.00086 or later remediates both vulnerabilities; Release 4.8.02042 addresses only CVE-2020-3153. As both issues require local authenticated access, they are most often chained after an initial foothold, so the upgrade should be prioritised on hosts where low-privilege user accounts are routinely exposed (shared workstations, contractor devices, VDI pools).
Indicators of Compromise
No current IOCs have been released by Cisco for either of these vulnerabilities.
Threat Landscape
No further information has been released about the threat actors using these vulnerabilities. However, public exploit code exists for both, so opportunistic exploitation is almost certain to continue as the exploits are discovered and shared across online forums.
Threat Group
No threat actor has been attributed to this exploitation.
Mitre Methodologies
T1574 – Hijack Execution Flow
T1078 – Valid Accounts
Further Information
Cisco Advisory for CVE-2020-3433
Cisco Advisory for CVE-2020-3153
CISA Known Exploited Vulnerabilities Catalog