The vulnerability is due to a lack of checks in the code for the path to the downloader application and associated DLLs.An attacker could exploit this vulnerability by executing the downloader application from outside its expected location and providing a set of crafted DLLs.
![]() Cisco Anyconnect Secure Mobility Client Windows Code For TheA successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. An authenticated, local attacker could exploit this vulnerability by executing the downloader application from outside its expected location and providing a set of crafted DLLs. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account, which could result in a complete system compromise. To exploit this vulnerability an attacker must authenticate and have local access to the targeted system. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. CVE-2020-3434) - A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. CVE-2020-3433) Please see the included Cisco BIDs and Cisco Security Advisory for more information. All Rights Reserved Privacy Policy Legal 508 Compliance.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |