CVE-2020-3433
Cisco / AnyConnect Secure
Ransomware campaign
Added 2022-10-24
Due 2022-11-14
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
The interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows insufficiently validates resources that the application loads at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
Required action
Apply updates per vendor instructions.
Notes: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433
Metadata
| Added to KEV | 2022-10-24 |
| Remediation due | 2022-11-14 |
| Ransomware use | Known |
| CWEs | CWE-427 |
| Ingested | 2026-04-24 15:03:13 |