What is CVE-2020-3153?

CVE-2020-3153 is a medium-severity vulnerability in Cisco Anyconnect Secure Mobility Client, classified under Uncontrolled Search Path Element. CVSS score: 6.5/10. Published 2020-02-19.

How severe is CVE-2020-3153?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2020-3153 known to be exploited?

Yes. CVE-2020-3153 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-10-24), indicating it is being actively exploited. 23 public proof-of-concept repositories are indexed.

Vulnerability in Cisco Anyconnect Secure Mobility Client

CVE-2020-3153

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnera…

EPSS: 0.251 (96.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N.

Affected products

Cisco Anyconnect Secure Mobility Client — versions unspecified

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog, added on 2022-10-24. CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.

BOD 22-01 due date: 2022-11-14.

Required action: Apply updates per vendor instructions.

Known ransomware campaign use: yes.

Public proof-of-concept exploits

References

20200219 Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability (vendor-advisory, x_refsource_CISCO)
20200421 Cisco AnyConnect elevation of privileges due to insecure handling of path names (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/157340/Cisco-AnyConnect-Secure-Mobility-Client-4… (x_refsource_MISC)
packetstormsecurity.com/files/158219/Cisco-AnyConnect-Path-Traversal-Privilege-… (x_refsource_MISC)
packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-3153?: CVE-2020-3153 is a medium-severity vulnerability in Cisco Anyconnect Secure Mobility Client, classified under Uncontrolled Search Path Element. CVSS score: 6.5/10. Published 2020-02-19.
How severe is CVE-2020-3153?: Medium severity. CVSS v3 base score is 6.5 out of 10.
Is CVE-2020-3153 known to be exploited?: Yes. CVE-2020-3153 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-10-24), indicating it is being actively exploited. 23 public proof-of-concept repositories are indexed.