CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Nov 14, 2022
Description
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
EPSS — Exploit Probability
4.5%
Higher than 88.9% of all CVEs
Required Action
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433
Risk Assessment
HIGHIn CISA KEV
Ransomware
Details
- Severity
- High
- EPSS
- 4.5%
- CISA KEV
- Yes
- Ransomware
- Known
- Articles
- 0
Timeline
Published
Oct 24, 2022
Added to KEV
Oct 24, 2022
Remediation Due
Nov 14, 2022