Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-3153
CVE-2020-3153:
Cisco AnyConnect Secure Client vulnerability analysis and mitigation
Overview
CVE-2020-3153 is a path traversal vulnerability affecting the installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to version 4.8.02042. The vulnerability was discovered in December 2019 and publicly disclosed in February 2020. This security flaw allows authenticated local attackers to create or overwrite files in arbitrary locations with system level privileges (Cisco Advisory, Rapid7).
Technical details
The vulnerability exists in the vpndownloader application's auto-update functionality, which runs with SYSTEM privileges through the Cisco AnyConnect Secure Mobility Agent service. The flaw stems from improper handling of path names where the application fails to properly validate directory separator characters, accepting both backslash and forward slash. This allows attackers to perform path traversal and execute files outside the intended temporary installer folder. The vulnerability has a CVSS score of 6.5 (SecurityWeek).
Impact
Successful exploitation of this vulnerability allows local attackers to gain SYSTEM privileges on affected Windows systems. The attacker can create or overwrite files in arbitrary locations with system level privileges, potentially leading to complete system compromise. The vulnerability affects the system particularly through the auto-update functionality that works even for low-privileged users (Hacker News).
Mitigation and workarounds
Cisco addressed this vulnerability in AnyConnect Secure Mobility Client for Windows version 4.8.02042. Customers with active contracts can obtain updates through the Cisco Software Center. Cisco strongly recommends upgrading to a fixed software release to remediate this vulnerability (Hacker News).
Community reactions
The vulnerability gained significant attention when CISA added it to its Known Exploited Vulnerabilities (KEV) catalog in October 2022, citing evidence of active abuse in the wild. The security community has noted its use in various attack campaigns, including those by ransomware groups (SecurityWeek).
Additional resources
Source: This report was generated using AI
Related Cisco AnyConnect Secure Client vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management