VULNERA Pulse

Google — Chromium V8 Engine

CVE-2022-3723 / Added: Oct. 28, 2022

HIGH CVSS 8.80

Google Chromium V8 contains a type confusion vulnerability. Specific impacts from exploitation are not available at this time.

Headlines

• Nov. 9, 2022 - Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days
• Oct. 30, 2022 - Google urgently fixes a critical flaw in Chrome: update now!
• Oct. 29, 2022 - Chrome issues urgent zero-day fix – update now!
• Oct. 29, 2022 - Ireland Pottery, Spritacular, Image Creator, More: Saturday ResearchBuzz, October 29, 2022
• Oct. 28, 2022 - Want to protect yourself? Install Chrome 107 now
• Oct. 28, 2022 - Google Issues Urgent Zero-Day Patch For Billions Of Chrome Users, Update ASAP
• Oct. 28, 2022 - Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year
• Oct. 28, 2022 - Google fixes seventh Chrome zero-day exploited in attacks this year
• Oct. 28, 2022 - Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
• Oct. 28, 2022 - Emergency Chrome Security Update—Google Confirms 0Day Attack Threat

Back to top ↑

Apple — iOS and iPadOS

CVE-2022-42827 / Added: Oct. 25, 2022

HIGH CVSS 7.80

Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.

Headlines

• Oct. 30, 2022 - Week in review: OpenSSL critical fix, Medibank data breach, Apple fixes zero-day vulnerability
• Oct. 29, 2022 - Apple iOS 15.7.1 Release: Should You Upgrade?
• Oct. 28, 2022 - Multiple vulnerabilities affect the Juniper Junos OS
• Oct. 28, 2022 - Updates to Apple’s zero-day update story – iPhone and iPad users read this!
• Oct. 28, 2022 - iOS 15.7.1 Vs iOS 16.1—Here’s Which iPhone Update To Choose
• Oct. 28, 2022 - Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads
• Oct. 27, 2022 - Apple、iPhone 6s以降のiPhoneやiPad Air 2/mini 4以降のiPadに対し、既に悪用された可能性のあるゼロデイ脆弱性を修正した「iOS/iPadOS 15.7.1」をリリース。
• Oct. 27, 2022 - Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
• Oct. 27, 2022 - iOS 16.1 Includes a Zero-Day Security Patch That Addresses Active Exploits
• Oct. 27, 2022 - Some iPhones and iPads may be vulnerable to attackers, warns India's cyber security watchdog - Business Insider India
• Oct. 27, 2022 - Cert-In reports multiple vulnerabilities in Apple iPhones, iPads and Safari
• Oct. 26, 2022 - iOS 16.1 and iPadOS 16 contain fixes for a zero-day exploit already seen in the wild
• Oct. 26, 2022 - Cert-In warns of multiple iPhone, iPad vulnerabilities
• Oct. 26, 2022 - Latest iOS 16.1 Update Patches Zero-Day Vulnerability
• Oct. 26, 2022 - Zero-day vulnerability patched in iOS 16.1; active exploits may exist, says Apple
• Oct. 25, 2022 - Singapore’s Cyber Security Agency warns Apple users to update their devices immediately
• Oct. 25, 2022 - Apple patches high-severity 0-day for iPhones and iPads
• Oct. 25, 2022 - Apple fixes its ninth major zero-day threat of 2022
• Oct. 25, 2022 - Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability
• Oct. 25, 2022 - iOS 16.1 includes a fix for a scary zero-day iPhone security flaw
• Oct. 25, 2022 - Apple iOS 16.1 Release: Should You Upgrade?
• Oct. 25, 2022 - iOS 16.1 arrives: Here's what new for your iPhone
• Oct. 25, 2022 - iOS 16.1—Update Now Warning Issued To All iPhone Users
• Oct. 25, 2022 - Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability
• Oct. 24, 2022 - Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
• Oct. 24, 2022 - Apple fixed the ninth actively exploited zero-day this year

Back to top ↑

Cisco — AnyConnect Secure

CVE-2020-3433 / Added: Oct. 24, 2022

HIGH CVSS 7.80

Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.

Headlines

• Nov. 3, 2022 - From Apple to Google, check details of all updates launched in October
• Oct. 26, 2022 - Cisco AnyConnect Windows client under active attack
• Oct. 26, 2022 - Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities
• Oct. 26, 2022 - Cisco AnyConnect urges admins to update now to avoid security threats

Back to top ↑

Cisco — AnyConnect Secure

CVE-2020-3153 / Added: Oct. 24, 2022

MEDIUM CVSS 6.50

Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

Headlines

• Oct. 26, 2022 - Cisco Warns AnyConnect VPNs Under Active Cyberattack
• Oct. 26, 2022 - Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited
• Oct. 26, 2022 - Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities
• Oct. 21, 2022 - OldGremlin Ransomware Gang Known for Targeting Russia Launches Linux Malware
• Oct. 20, 2022 - OldGremlin Ransomware Targeted Over a Dozen Russian Entities in Multi-Million Scheme

Back to top ↑

GIGABYTE — Multiple Products

CVE-2018-19323 / Added: Oct. 24, 2022

HIGH CVSS 9.00

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Back to top ↑

GIGABYTE — Multiple Products

CVE-2018-19321 / Added: Oct. 24, 2022

HIGH CVSS 7.20

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Back to top ↑

GIGABYTE — Multiple Products

CVE-2018-19320 / Added: Oct. 24, 2022

HIGH CVSS 7.20

The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

Headlines

• Oct. 8, 2022 - BlackByte Ransomware abuses vulnerable driver to bypass security solutions

Back to top ↑

GIGABYTE — Multiple Products

CVE-2018-19322 / Added: Oct. 24, 2022

MEDIUM CVSS 4.60

The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges.

Back to top ↑

CVE-2022-3723

HIGH CVSS 8.80

CISA Known Exploited Actively Exploited

Published: Nov. 1, 2022

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor Impacted: Google

Product Impacted: Chromium V8 Engine

Quotes

• Access to bug details and links may be kept restricted until a majority of users are updated with a fix - Dark Reading
• Google is aware of reports that an exploit for CVE-2022-3723 exists in the wild - Security Affairs

Headlines

• Oct. 28, 2022 - Want to protect yourself? Install Chrome 107 now
• Oct. 28, 2022 - Urgent: Google Issues Emergency Patch for Chrome Zero-Day
• Oct. 28, 2022 - Google Issues Urgent Zero-Day Patch For Billions Of Chrome Users, Update ASAP
• Oct. 28, 2022 - Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year
• Oct. 28, 2022 - Google fixes seventh Chrome zero-day exploited in attacks this year
• Oct. 28, 2022 - Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
• Oct. 28, 2022 - Google Releases Emergency Chrome 107 Update to Patch Actively Exploited Zero-Day
• Oct. 28, 2022 - Emergency Chrome Security Update—Google Confirms 0Day Attack Threat

CVE-2022-42827

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited

Published: Nov. 1, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Vendor Impacted: Apple

Products Impacted: Macos, Tvos, Iphone Os, Ios And Ipados, Ipados, Watchos

Quotes

• DUCK: Don't know./DOUG: Clear as mud - Naked Security - Sophos
• Chain the Kernel level vulnerabilities with some of the other flaws to allow a malicious app to exploit them - Forbes - Cybersecurity
• Apple is aware of a report that this issue may have been actively exploited - Security Affairs
• May have been actively exploited - BleepingComputer
• Unlikely to disrupt or prevent voting - Cisco Talos Blog
• An app may be able to record audio using a pair of connected AirPods - The Hacker News
• With the release of a new version of macOS, and updates for all operating systems Apple publishes, we got a total of 106 vulnerabilities - iTnews - Security
• Is aware of a report that this issue may have been actively exploited - Naked Security - Sophos
• Aware of a report that this issue may have been actively exploited - The Hacker News
• An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited - SecurityWeek

Headlines

• Oct. 28, 2022 - Multiple vulnerabilities affect the Juniper Junos OS
• Oct. 28, 2022 - Updates to Apple’s zero-day update story – iPhone and iPad users read this!
• Oct. 28, 2022 - iOS 15.7.1 Vs iOS 16.1—Here’s Which iPhone Update To Choose
• Oct. 28, 2022 - Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads
• Oct. 27, 2022 - Apple fixes recently disclosed zero-day on older iPhones, iPads
• Oct. 27, 2022 - Apple、iPhone 6s以降のiPhoneやiPad Air 2/mini 4以降のiPadに対し、既に悪用された可能性のあるゼロデイ脆弱性を修正した「iOS/iPadOS 15.7.1」をリリース。
• Oct. 27, 2022 - Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
• Oct. 27, 2022 - iOS 16.1 Includes a Zero-Day Security Patch That Addresses Active Exploits
• Oct. 27, 2022 - Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
• Oct. 27, 2022 - Apple zero-day exploits patched: Why you should update your iPhones, iPads immediately
• Oct. 27, 2022 - Some iPhones and iPads may be vulnerable to attackers, warns India's cyber security watchdog - Business Insider India
• Oct. 27, 2022 - Cert-In reports multiple vulnerabilities in Apple iPhones, iPads and Safari
• Oct. 26, 2022 - iOS 16.1 and iPadOS 16 contain fixes for a zero-day exploit already seen in the wild
• Oct. 26, 2022 - Latest iOS 16.1 Update Patches Zero-Day Vulnerability
• Oct. 26, 2022 - Zero-day vulnerability patched in iOS 16.1; active exploits may exist, says Apple
• Oct. 25, 2022 - Apple warns of actively exploited iOS and iPadOS zero-day
• Oct. 25, 2022 - Singapore’s Cyber Security Agency warns Apple users to update their devices immediately
• Oct. 25, 2022 - Apple patches high-severity 0-day for iPhones and iPads
• Oct. 25, 2022 - Apple fixes its ninth major zero-day threat of 2022
• Oct. 25, 2022 - Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!
• Oct. 25, 2022 - Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability
• Oct. 25, 2022 - Apple iOS 16.1 Release: Should You Upgrade?
• Oct. 25, 2022 - Apple Patches Over 100 Vulnerabilities With Release of macOS Ventura 13
• Oct. 25, 2022 - iOS 16.1 arrives: Here's what new for your iPhone
• Oct. 25, 2022 - iOS 16.1—Apple Issues Update Warning To All iPhone Users
• Oct. 25, 2022 - Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability
• Oct. 24, 2022 - Apple fixed the ninth actively exploited zero-day this year
• Oct. 24, 2022 - Apple Fixes Exploited Zero-Day With iOS 16.1 Patch
• Oct. 24, 2022 - Apple fixes new zero-day used in attacks against iPhones, iPads

CVE-2022-32946

MEDIUM CVSS 5.50

Risk Context N/A

Published: Nov. 1, 2022

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

Vendor Impacted: Apple

Products Impacted: Ipad Os, Iphone Os

Quotes

• Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets - Dark Reading
• This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone - infosecurity-magazine.com
• An app may be able to record audio using a pair of connected AirPods - Security Affairs
• Here's what I found on the web.. - Rambo.codes
• Install Security Responses & System Files - AppleInsider

Headlines

• Oct. 27, 2022 - Your Siri conversations may have been recorded without your permission
• Oct. 27, 2022 - iOS Bug Lets Apps Record Siri Conversations
• Oct. 27, 2022 - Mac and iOS security flaw could expose your Siri conversations – but there’s a fix
• Oct. 27, 2022 - iOS Bluetooth Bug Allowed Apps to Eavesdrop on User Conversations
• Oct. 27, 2022 - SiriSpy flaw allows eavesdropping on users’ conversations with Siri
• Oct. 27, 2022 - Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri
• Oct. 26, 2022 - SiriSpy – iOS bug allowed apps to eavesdrop on your conversations with Siri
• Oct. 26, 2022 - Malicious Mac and iOS apps could have listened in on Siri conversations

CVE-2022-31678

CRITICAL CVSS 9.10

Risk Context N/A

Published: Oct. 28, 2022

VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Vendor Impacted: Vmware

Products Impacted: Cloud Foundation, Nsx Data Center

Quotes

• Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of 'root' on the appliance - Securityweek.com

Headlines

• Oct. 26, 2022 - VMware Patches Critical Vulnerability in End-of-Life Product
• Oct. 26, 2022 - VMware fixes critical RCE in VMware Cloud Foundation
• Oct. 26, 2022 - VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform
• Oct. 25, 2022 - VMware fixes critical Cloud Foundation remote code execution bug

CVE-2022-32917

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited

Published: Sept. 20, 2022

The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Vendor Impacted: Apple

Products Impacted: Ios, Ipados, And Macos, Iphone Os, Macos, Ipados

Quotes

• Unlikely to disrupt or prevent voting - Cisco Talos Blog
• Apple is aware of a report that this issue may have been actively exploited - TechRadar
• Aware of a report that this issue may have been actively exploited - Internet

Headlines

• Oct. 27, 2022 - Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
• Oct. 25, 2022 - Apple fixes its ninth major zero-day threat of 2022
• Oct. 25, 2022 - Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability
• Oct. 25, 2022 - Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

CVE-2022-32894

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited

Published: Aug. 24, 2022

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Vendor Impacted: Apple

Products Impacted: Ios And Macos, Macos, Iphone Os, Ipados, Watchos

Quotes

• Unlikely to disrupt or prevent voting - Cisco Talos Blog
• Apple is aware of a report that this issue may have been actively exploited - TechRadar
• Aware of a report that this issue may have been actively exploited - The Hacker News

Headlines

• Oct. 27, 2022 - Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?
• Oct. 27, 2022 - Apple zero-day exploits patched: Why you should update your iPhones, iPads immediately
• Oct. 25, 2022 - Apple fixes its ninth major zero-day threat of 2022
• Oct. 25, 2022 - Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability
• Oct. 25, 2022 - Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability

CVE-2022-35737

HIGH CVSS 7.50

Public Exploits Available

Published: Aug. 3, 2022

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.

Vendor Impacted: Sqlite

Product Impacted: Sqlite

Quotes

• SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API - Security Affairs
• CVE-2022-35737 is exploitable on 64-bit systems, and exploitability depends on how the program is compiled - Internet

Headlines

• Oct. 25, 2022 - Experts disclosed a 22-year-old bug in popular SQLite Database library
• Oct. 25, 2022 - 22-Year-Old Vulnerability Reported in Widely Used SQLite Database Library
• Oct. 25, 2022 - Stranger Strings: An exploitable flaw in SQLite

CVE-2021-39144

HIGH CVSS 8.50

Public Exploits Available

Published: Aug. 23, 2021

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

Vendors Impacted: Debian, Netapp, Oracle, Fedoraproject

Products Impacted: Debian Linux, Snapmanager, Retail Xstore Point Of Service, Utilities Framework, Communications Cloud Native Core Bin, Communications Unified Inventory Man, Webcenter Portal, Fedora, Communications Cloud Native Core Pol, Communications Billing And Revenue M, Business Activity Monitoring, Utilities Testing Accelerator, Communications Cloud Native Core Aut, Commerce Guided Search

Quotes

• An attacker can send a specially crafted XStream marshalled payload with a dynamic proxy and trigger remote code execution in the context of root - BleepingComputer
• In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability - The Register - Security
• Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation (NSX-V), a malicious actor can get remote code execution in the context of 'root' on the appliance - SecurityWeek

Headlines

• Oct. 28, 2022 - VMware patches vulnerability with 9.8/10 severity rating in Cloud Foundation
• Oct. 28, 2022 - Exploit released for critical VMware RCE vulnerability, patch now
• Oct. 26, 2022 - Cisco AnyConnect Windows client under active attack
• Oct. 26, 2022 - VMware Patches Critical Vulnerability in End-of-Life Product
• Oct. 26, 2022 - VMware fixes critical RCE in VMware Cloud Foundation
• Oct. 26, 2022 - VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform
• Oct. 25, 2022 - VMware fixes critical Cloud Foundation remote code execution bug

CVE-2020-3433

HIGH CVSS 7.80

CISA Known Exploited Actively Exploited Remote Code Execution Public Exploits Available

Published: Aug. 17, 2020

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

Vendor Impacted: Cisco

Product Impacted: Anyconnect Secure

Quotes

• In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability - The Register - Security
• In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild - Dark Reading
• In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability - SecurityWeek
• In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild - TechRadar

Headlines

• Oct. 26, 2022 - Cisco AnyConnect Windows client under active attack
• Oct. 26, 2022 - Cisco Warns AnyConnect VPNs Under Active Cyberattack
• Oct. 26, 2022 - Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities
• Oct. 26, 2022 - Cisco AnyConnect urges admins to update now to avoid security threats
• Oct. 26, 2022 - Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited
• Oct. 26, 2022 - Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities
• Oct. 25, 2022 - Cisco warns admins to patch AnyConnect flaw exploited in attacks
• Oct. 25, 2022 - Cisco warns admins to patch AnyConnect flaws exploited in attacks
• Oct. 25, 2022 - CISA Warns of Attacks Exploiting Cisco, Gigabyte Vulnerabilities

CVE-2020-3153

MEDIUM CVSS 6.50

CISA Known Exploited Actively Exploited Used In Ransomware Public Exploits Available

Published: Feb. 19, 2020

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

Vendor Impacted: Cisco

Product Impacted: Anyconnect Secure

Quotes

• In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability - The Register - Security
• In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild - Dark Reading
• In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability - SecurityWeek
• In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild - TechRadar

Headlines

• Oct. 26, 2022 - Cisco AnyConnect Windows client under active attack
• Oct. 26, 2022 - Cisco Warns AnyConnect VPNs Under Active Cyberattack
• Oct. 26, 2022 - Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities
• Oct. 26, 2022 - Cisco AnyConnect urges admins to update now to avoid security threats
• Oct. 26, 2022 - Two flaws in Cisco AnyConnect Secure Mobility client for Windows actively exploited
• Oct. 26, 2022 - Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities
• Oct. 25, 2022 - Cisco warns admins to patch AnyConnect flaw exploited in attacks
• Oct. 25, 2022 - Cisco warns admins to patch AnyConnect flaws exploited in attacks
• Oct. 25, 2022 - CISA Warns of Attacks Exploiting Cisco, Gigabyte Vulnerabilities