mickmick.net

Cisco Products Multiple Vulnerabilities

Release Date: 26 Oct 2022

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.

 

Notes:

CVE-2020-3153 and CVE-2020-3433 are being exploited in the wild. These two vulnerabilities require local and authenticated attacker to exploit, the risk level is rated as High Risk.

---

Impact

• Remote Code Execution
• Data Manipulation

---

System / Technologies affected

• Cisco AnyConnect Secure Mobility Client

 

Please refer to the link below for detail:

 

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj

---

Vulnerability Identifier

• CVE-2020-3153
• CVE-2020-3433

---

Source

• Cisco

---

Related Link

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj