Cisco Products Multiple Vulnerabilities
Release Date:
26 Oct 2022
5149
Views
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and data manipulation on the targeted system.
Notes:
CVE-2020-3153 and CVE-2020-3433 are being exploited in the wild. These two vulnerabilities require local and authenticated attacker to exploit, the risk level is rated as High Risk.
Impact
- Remote Code Execution
- Data Manipulation
System / Technologies affected
- Cisco AnyConnect Secure Mobility Client
Please refer to the link below for detail:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
Vulnerability Identifier
Source
Related Link
Share with