Vulnerability DatabaseCVE-2020-27123

CVE-2020-27123:
Cisco AnyConnect Secure Client vulnerability analysis and mitigation

Overview

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows was discovered and assigned CVE-2020-27123. This vulnerability affects versions up to (excluding) 4.9.03047 and was disclosed on November 4, 2020. The vulnerability allows an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device (NVD, CVE).

Technical details

The vulnerability stems from an exposed IPC function in the Cisco AnyConnect Secure Mobility Client. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. It is also classified under CWE-749 (Exposed Dangerous Method or Function) (NVD).

Impact

A successful exploitation of this vulnerability allows an attacker to read arbitrary files on the underlying operating system of the affected device. The vulnerability only impacts confidentiality (rated as High) while having no impact on integrity or availability of the system (NVD).

Mitigation and workarounds

The vulnerability was addressed in version 4.9.03047 of Cisco AnyConnect Secure Mobility Client for Windows. No workarounds are available for this vulnerability, making it essential to upgrade to a patched version (NVD).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

5.5

Score

Published November 6, 2020

Severity MEDIUM

CNA Score 5.5

Affected Technologies

Cisco AnyConnect Secure Client

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 19.1

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

cpe:2.3:a:cisco:anyconnect_secure_mobility_client
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*

Sources

NVD
- Windows Severity MEDIUMHas FixAdded at: Mar 10, 2022

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related Cisco AnyConnect Secure Client vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-20206	HIGH	7.8	Cisco AnyConnect Secure Client	cpe:2.3:a:cisco:secure_client	No	Yes	Mar 05, 2025
CVE-2024-3661	HIGH	7.6	Rust	gadmin-openvpn-server	No	Yes	May 06, 2024
CVE-2024-20391	MEDIUM	6.8	Cisco AnyConnect Secure Client	cpe:2.3:a:cisco:secure_client	No	Yes	May 15, 2024
CVE-2024-20474	MEDIUM	6.5	Cisco AnyConnect Secure Client	cpe:2.3:a:cisco:anyconnect_secure_mobility_client	No	Yes	Oct 23, 2024
CVE-2020-3432	MEDIUM	5.6	Cisco AnyConnect Secure Client	cpe:2.3:a:cisco:anyconnect_secure_mobility_client	No	Yes	Feb 12, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2020-27123: Cisco AnyConnect Secure Client vulnerability analysis and mitigation