Advertisement
Top
image credit: Adobe Stock

Cisco Confirms In-the-Wild Exploitation of Two VPN Vulnerabilities

October 26, 2022

Via: Security Week
Category:

The US Cybersecurity and Infrastructure Security Agency (CISA) this week added two flaws affecting Cisco’s AnyConnect product to its Known Exploited Vulnerabilities catalog.

The vulnerabilities, tracked as CVE-2020-3433 and CVE-2020-3153, affect the AnyConnect Secure Mobility Client for Windows, and they were patched by Cisco in August 2020. They can be exploited by a local, authenticated attacker to execute arbitrary code and copy files to arbitrary locations, with elevated privileges.

Read More on Security Week

RELATED PUBLICATIONS

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
Hugging Face says it fixed some worrying security issues, moves to boost online protection
Google Patches Exploited Pixel Vulnerabilities

Latest Publications

Chinese government website security is often worryingly bad, say Chinese researchers
Indonesia sneakily buys spyware, claims Amnesty International
97% of security leaders have increased SaaS security budgets
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!