CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Nov 14, 2022
Description
Cisco AnyConnect Secure Mobility Client for Windows incorrectly handles directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system-level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.
EPSS — Exploit Probability
Higher than 96.1% of all CVEs
Required Action
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj; https://nvd.nist.gov/vuln/detail/CVE-2020-3153
Risk Assessment
HIGH
- Severity: High
- EPSS: 25.1%
- CISA KEV: Yes
- Ransomware: Known
- Articles: 0
Timeline
- Published: Oct 24, 2022
- Added to KEV: Oct 24, 2022
- Remediation Due: Nov 14, 2022