Skip to content

CVE-2020-3433

is CVE-2020-3433real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch
High · CVSS 7.8EPSS 10.1%CISA KEVCWE-427

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

References

NVD MITRE CVE.org CISA KEV

Published

Embed this verdict
TruePositive verdict for CVE-2020-3433
Markdown
[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2020-3433/badge.svg)](https://www.truepositive.app/cve/CVE-2020-3433)
HTML
<a href="https://www.truepositive.app/cve/CVE-2020-3433"><img src="https://www.truepositive.app/cve/CVE-2020-3433/badge.svg" alt="TruePositive verdict for CVE-2020-3433"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts
Not a real issue

Includes TruePositive's curated baseline from public sources — community verdicts accrue on top.

Pick your verdict — we'll save it right after a quick sign-in.

Community real-world severity: Critical (Critical 2) — CVSS base score 7.8

Practitioners rate this higher than its CVSS — treat with extra caution.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

  • 0
    Field note · Nadia PetrovaCurated

    Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability — Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges. Listed in the CISA KEV catalog (added 2022-10-24) — confirmed exploited in the wild, not theoretical. It is linked to known ransomware campaigns. FIRST EPSS puts the chance of exploitation in the next 30 days at ~10%. Treat it as real and prioritize remediation over triage.

  • 0
    Remediation · Aisha RahmanCurated

    Required action for Cisco AnyConnect Secure: Apply updates per vendor instructions. CISA set a federal remediation due date of 2022-11-14. After patching, verify the vulnerable path is no longer reachable before closing the finding.

Related CVEs

Same weaknessCWE-427.