Skip to content

CVE-2020-3153

is CVE-2020-3153real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch
Medium · CVSS 6.5EPSS 28.3%CISA KEVCWE-427

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

References

NVD MITRE CVE.org CISA KEV

Published

Embed this verdict
TruePositive verdict for CVE-2020-3153
Markdown
[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2020-3153/badge.svg)](https://www.truepositive.app/cve/CVE-2020-3153)
HTML
<a href="https://www.truepositive.app/cve/CVE-2020-3153"><img src="https://www.truepositive.app/cve/CVE-2020-3153/badge.svg" alt="TruePositive verdict for CVE-2020-3153"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

3 verdicts
Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

Pick your verdict — we'll save it right after a quick sign-in.

Community real-world severity: Critical (Critical 3) — CVSS base score 6.5

Practitioners rate this higher than its CVSS — treat with extra caution.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

  • 0
    Field note · Priya NairCurated

    Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability — Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. Listed in the CISA KEV catalog (added 2022-10-24) — confirmed exploited in the wild, not theoretical. It is linked to known ransomware campaigns. FIRST EPSS puts the chance of exploitation in the next 30 days at ~28%. Treat it as real and prioritize remediation over triage.

  • 0
    Remediation · Diego RamírezCurated

    Required action for Cisco AnyConnect Secure: Apply updates per vendor instructions. CISA set a federal remediation due date of 2022-11-14. After patching, verify the vulnerable path is no longer reachable before closing the finding.

Related CVEs

Same weaknessCWE-427.