The US Cybersecurity and Infrastructure Security Agency (CISA) this week added two flaws affecting Cisco’s AnyConnect product to its Known Exploited Vulnerabilities catalog.
The vulnerabilities, tracked as CVE-2020-3433 and CVE-2020-3153, affect the AnyConnect Secure Mobility Client for Windows, and they were patched by Cisco in August 2020. They can be exploited by a local, authenticated attacker to execute arbitrary code and copy files to arbitrary locations, with elevated privileges.