Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities


This week, the US Cybersecurity and Infrastructure Security Agency (CISA) updated its list of known exploited vulnerabilities to include two bugs impacting Cisco’s AnyConnect product. Four 2018 security flaws affecting Gigabyte drivers were added to the list at the same time.

The AnyConnect Secure Mobility Client for Windows is vulnerable to the CVE-2020-3433 and CVE-2020-3153 flaws, which Cisco addressed in August 2020. A local, authenticated attacker can use them to escalate privileges, executing arbitrary code and copying files to arbitrary destinations.