ID

VAR-202008-0801


CVE

CVE-2020-3433


TITLE

Uncontrolled search path element vulnerability in Cisco AnyConnect Secure Mobility Client for Windows

Trust: 0.8

sources: JVNDB: JVNDB-2020-009565

DESCRIPTION

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2020-3433 // JVNDB: JVNDB-2020-009565 // VULHUB: VHN-181558 // VULMON: CVE-2020-3433

AFFECTED PRODUCTS

vendor: cisco, model: anyconnect secure mobility client, scope: lt, version: 4.9.00086

Trust: 1.0

vendor: cisco, model: anyconnect secure mobility client, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-009565 // NVD: CVE-2020-3433

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-3433
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3433
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-009565
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-166
value: HIGH

Trust: 0.6

VULHUB: VHN-181558
value: HIGH

Trust: 0.1

VULMON: CVE-2020-3433
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-009565
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181558
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULMON: CVE-2020-3433
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-009565
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181558 // VULMON: CVE-2020-3433 // JVNDB: JVNDB-2020-009565 // CNNVD: CNNVD-202008-166 // NVD: CVE-2020-3433 // NVD: CVE-2020-3433

PROBLEMTYPE DATA

problemtype:CWE-427

Trust: 1.9

sources: VULHUB: VHN-181558 // JVNDB: JVNDB-2020-009565 // NVD: CVE-2020-3433

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-166

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-166

CONFIGURATIONS

sources: NVD: CVE-2020-3433

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-181558

PATCH

title: cisco-sa-anyconnect-dll-F26WwJW
url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-dll-f26wwjw

Trust: 0.8

title: Cisco AnyConnect Secure Mobility Client for Windows Fixes for code issue vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=125862

Trust: 0.6

title: Cisco: Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-anyconnect-dll-f26wwjw

Trust: 0.1

title: PoCs for CVE-2020-3433, CVE-2020-3434, and CVE-2020-3435
url: https://github.com/goichot/cve-2020-3433

Trust: 0.1

title: A collection of offensive vulnerabilities in mainstream vendors
url: https://github.com/r0exper/supplier

Trust: 0.1

title: PoC in GitHub
url: https://github.com/0xt11/cve-poc

Trust: 0.1

title: PoC in GitHub
url: https://github.com/soosmile/poc

Trust: 0.1

title: Known Exploited Vulnerabilities Detector
url: https://github.com/ostorlab/kev

Trust: 0.1

title: PoC in GitHub
url: https://github.com/developer3000s/poc-in-github

Trust: 0.1

title: PoC in GitHub
url: https://github.com/hectorgie/poc-in-github

Trust: 0.1

title: Threatpost
url: https://threatpost.com/high-severity-cisco-dos-flaw-small-business-switches/158124/

Trust: 0.1

title: -
url: https://www.theregister.co.uk/2022/10/26/cisco_vpn_bugs_exploited/

Trust: 0.1

sources: VULMON: CVE-2020-3433 // JVNDB: JVNDB-2020-009565 // CNNVD: CNNVD-202008-166

EXTERNAL IDS

db: NVD, id: CVE-2020-3433

Trust: 2.6

db: PACKETSTORM, id: 159420

Trust: 1.8

db: JVNDB, id: JVNDB-2020-009565

Trust: 0.8

db: AUSCERT, id: ESB-2020.2680.2

Trust: 0.6

db: AUSCERT, id: ESB-2020.2680

Trust: 0.6

db: CXSECURITY, id: WLB-2020090145

Trust: 0.6

db: NSFOCUS, id: 48348

Trust: 0.6

db: CNNVD, id: CNNVD-202008-166

Trust: 0.6

db: CNVD, id: CNVD-2020-50564

Trust: 0.1

db: VULHUB, id: VHN-181558

Trust: 0.1

db: VULMON, id: CVE-2020-3433

Trust: 0.1

sources: VULHUB: VHN-181558 // VULMON: CVE-2020-3433 // JVNDB: JVNDB-2020-009565 // CNNVD: CNNVD-202008-166 // NVD: CVE-2020-3433

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-dll-f26wwjw

Trust: 1.9

url:http://packetstormsecurity.com/files/159420/cisco-anyconnect-privilege-escalation.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-3433

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3433

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-profile-7u3perkf

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-dos-fexq4tav

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48348

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2680.2/

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-anyconnect-secure-mobility-client-for-windows-executing-dll-code-33013

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2020090145

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2680/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/427.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/goichot/cve-2020-3433

Trust: 0.1

sources: VULHUB: VHN-181558 // VULMON: CVE-2020-3433 // JVNDB: JVNDB-2020-009565 // CNNVD: CNNVD-202008-166 // NVD: CVE-2020-3433

CREDITS

Christophe de la Fuente, Yorick Koster, Antoine Goichot

Trust: 0.6

sources: CNNVD: CNNVD-202008-166

SOURCES

db: VULHUB, id: VHN-181558
db: VULMON, id: CVE-2020-3433
db: JVNDB, id: JVNDB-2020-009565
db: CNNVD, id: CNNVD-202008-166
db: NVD, id: CVE-2020-3433

LAST UPDATE DATE

2024-01-17T20:29:52.930000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181558, date: 2023-01-31T00:00:00
db: VULMON, id: CVE-2020-3433, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2020-009565, date: 2020-11-13T07:08:05
db: CNNVD, id: CNNVD-202008-166, date: 2020-10-09T00:00:00
db: NVD, id: CVE-2020-3433, date: 2023-11-07T03:22:42.623

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181558, date: 2020-08-17T00:00:00
db: VULMON, id: CVE-2020-3433, date: 2020-08-17T00:00:00
db: JVNDB, id: JVNDB-2020-009565, date: 2020-11-13T07:08:05
db: CNNVD, id: CNNVD-202008-166, date: 2020-08-05T00:00:00
db: NVD, id: CVE-2020-3433, date: 2020-08-17T18:15:12.947