{"uuid": "5d6ed019-7219-44f2-bea3-d62b7cbbb739", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3153", "type": "seen", "source": "https://t.me/arpsyndicate/1012", "content": "#ExploitObserverAlert\n\nCVE-2020-3153\n\nDESCRIPTION: Exploit Observer has 25 entries related to CVE-2020-3153. A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.\n\nFIRST-EPSS: 0.000830000\nNVD-IS: 4.0\nNVD-ES: 2.0", "creation_timestamp": "2023-12-03T19:37:33.000000Z"}