{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T14:57:42.641","vulnerabilities":[{"cve":{"id":"CVE-2020-3433","sourceIdentifier":"psirt@cisco.com","published":"2020-08-17T18:15:12.947","lastModified":"2025-10-28T13:58:07.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system."},{"lang":"es","value":"Una vulnerabilidad en el canal de comunicación entre procesos (IPC) de Cisco AnyConnect Secure Mobility Client para Windows podría permitir a un atacante local autenticado llevar a cabo un ataque de secuestro de DLL. Para explotar esta vulnerabilidad, el atacante debería tener credenciales válidas en el sistema Windows. La vulnerabilidad es debido a una comprobación insuficiente de los recursos que son cargados por la aplicación en el tiempo de ejecución. Un atacante podría explotar esta vulnerabilidad mediante el envío de un mensaje IPC diseñado al proceso AnyConnect. Una explotación con éxito podría permitir al atacante ejecutar código arbitrario en la máquina afectada con privilegios SYSTEM. Para explotar esta vulnerabilidad, el atacante podría necesitar credenciales válidas en el sistema Windows."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","baseScore":7.2,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":3.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-10-24","cisaActionDue":"2022-11-14","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability","weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-427"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-427"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*","versionEndExcluding":"4.9.00086","matchCriteriaId":"4B36BF8D-9AFC-49EF-B794-D4D1513D7F28"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html","source":"psirt@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/159420/Cisco-AnyConnect-Privilege-Escalation.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3433","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}