Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.
October 26, 2022 By Tara Seals
A pair of known security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows is being actively exploited in the wild, despite being patched for two-plus years.
The networking giant is warning that cybercrime groups are pressing two local privilege escalation (LPE) bugs into service, with active exploit chains against the VPN platform being observed starting this month.
The first flaw (CVE-2020-3153, with a CVSS score of 6.5) would allow a logged-in user to send a specially crafted IPC message to the AnyConnect process to perform DLL hijacking and execute arbitrary code on the affected machine with SYSTEM privileges. The second issue (CVE-2020-3433, with a CVSS score of 7.8) could allow a logged-in user to copy arbitrary files to system-level directories with SYSTEM privileges.
