Details of VAR-202008-0802

ID

VAR-202008-0802

CVE

CVE-2020-3434

TITLE

Windows for Cisco AnyConnect Secure Mobility Client Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-009566

DESCRIPTION

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to the fact that the program does not fully verify the input submitted by the user

Trust: 1.8

sources: NVD: CVE-2020-3434 // JVNDB: JVNDB-2020-009566 // VULHUB: VHN-181559 // VULMON: CVE-2020-3434

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	4.9.00086	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-009566 // NVD: CVE-2020-3434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3434
value:	MEDIUM
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3434
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-009566
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202008-139
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-181559
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2020-3434
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-3434
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-009566
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-181559
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2020-3434
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	JVNDB-2020-009566
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-181559 // VULMON: CVE-2020-3434 // JVNDB: JVNDB-2020-009566 // CNNVD: CNNVD-202008-139 // NVD: CVE-2020-3434 // NVD: CVE-2020-3434

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-181559 // JVNDB: JVNDB-2020-009566 // NVD: CVE-2020-3434

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-139

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202008-139

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-009566

PATCH

title:	cisco-sa-anyconnect-dos-feXq4tAV	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-feXq4tAV	Trust: 0.8
title:	Cisco AnyConnect Secure Mobility Client Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125482	Trust: 0.6
title:	Cisco: Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-anyconnect-dos-feXq4tAV	Trust: 0.1
title:	CVE-2020-3434	url:	https://github.com/AlAIAL90/CVE-2020-3434	Trust: 0.1
title:	CVE-2020-3433	url:	https://github.com/goichot/CVE-2020-3433	Trust: 0.1

sources: VULMON: CVE-2020-3434 // JVNDB: JVNDB-2020-009566 // CNNVD: CNNVD-202008-139

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3434	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-009566	Trust: 0.8
db:	CNNVD	id:	CNNVD-202008-139	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.2680.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2680	Trust: 0.6
db:	CXSECURITY	id:	WLB-2020090145	Trust: 0.6
db:	NSFOCUS	id:	48422	Trust: 0.6
db:	VULHUB	id:	VHN-181559	Trust: 0.1
db:	VULMON	id:	CVE-2020-3434	Trust: 0.1

sources: VULHUB: VHN-181559 // VULMON: CVE-2020-3434 // JVNDB: JVNDB-2020-009566 // CNNVD: CNNVD-202008-139 // NVD: CVE-2020-3434

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-dos-fexq4tav	Trust: 1.9
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3434	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3434	Trust: 0.8
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-profile-7u3perkf	Trust: 0.6
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-dll-f26wwjw	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2680.2/	Trust: 0.6
url:	https://cxsecurity.com/issue/wlb-2020090145	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2680/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-anyconnect-secure-mobility-client-for-windows-denial-of-service-via-ipc-33014	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48422	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/alaial90/cve-2020-3434	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/goichot/cve-2020-3433	Trust: 0.1

sources: VULHUB: VHN-181559 // VULMON: CVE-2020-3434 // JVNDB: JVNDB-2020-009566 // CNNVD: CNNVD-202008-139 // NVD: CVE-2020-3434

CREDITS

Yorick Koster

Trust: 0.6

sources: CNNVD: CNNVD-202008-139

SOURCES

db:	VULHUB	id:	VHN-181559
db:	VULMON	id:	CVE-2020-3434
db:	JVNDB	id:	JVNDB-2020-009566
db:	CNNVD	id:	CNNVD-202008-139
db:	NVD	id:	CVE-2020-3434

LAST UPDATE DATE

2024-11-23T21:59:07.045000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-181559	date:	2021-08-06T00:00:00
db:	VULMON	id:	CVE-2020-3434	date:	2021-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-009566	date:	2020-11-13T07:08:06
db:	CNNVD	id:	CNNVD-202008-139	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2020-3434	date:	2024-11-21T05:31:03.617

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-181559	date:	2020-08-17T00:00:00
db:	VULMON	id:	CVE-2020-3434	date:	2020-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2020-009566	date:	2020-11-13T07:08:06
db:	CNNVD	id:	CNNVD-202008-139	date:	2020-08-05T00:00:00
db:	NVD	id:	CVE-2020-3434	date:	2020-08-17T18:15:13.073