var-202011-1023
Vulnerability from variot
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability. Cisco AnyConnect Secure Mobility Client There are unspecified vulnerabilities in the software.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco AnyConnect Secure Mobility Client for Linux, etc. are all products of Cisco (Cisco). Cisco AnyConnect Secure Mobility Client for Linux is a Linux-based secure mobile client that provides secure access to networks and applications from any device. Cisco AnyConnect Secure Mobility Client for Android is a secure mobile client based on the Android platform that provides secure access to networks and applications from any device. Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobile client that provides secure access to networks and applications from any device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1023",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "98.145\\(86\\)"
},
{
"model": "anyconnect secure mobility client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "4.9\\(3052\\)"
},
{
"model": "cisco anyconnect secure mobility client",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"cve": "CVE-2020-3556",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CVE-2020-3556",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-181681",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2020-3556",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-3556",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-3556",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3556",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-3556",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-332",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-181681",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-3556",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181681"
},
{
"db": "VULMON",
"id": "CVE-2020-3556"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-332"
},
{
"db": "NVD",
"id": "CVE-2020-3556"
},
{
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user. In order to successfully exploit this vulnerability, there must be an ongoing AnyConnect session by the targeted user at the time of the attack. To exploit this vulnerability, the attacker would also need valid user credentials on the system upon which the AnyConnect client is being run. Cisco has not released software updates that address this vulnerability. Cisco AnyConnect Secure Mobility Client There are unspecified vulnerabilities in the software.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Cisco AnyConnect Secure Mobility Client for Linux, etc. are all products of Cisco (Cisco). Cisco AnyConnect Secure Mobility Client for Linux is a Linux-based secure mobile client that provides secure access to networks and applications from any device. Cisco AnyConnect Secure Mobility Client for Android is a secure mobile client based on the Android platform that provides secure access to networks and applications from any device. Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobile client that provides secure access to networks and applications from any device",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3556"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "VULHUB",
"id": "VHN-181681"
},
{
"db": "VULMON",
"id": "CVE-2020-3556"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3556",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013361",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-332",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3822",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3822.4",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-181681",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-3556",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181681"
},
{
"db": "VULMON",
"id": "CVE-2020-3556"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-332"
},
{
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"id": "VAR-202011-1023",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-181681"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:37:12.633000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-anyconnect-ipc-KfQO9QhK",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK"
},
{
"title": "Cisco AnyConnect Secure Mobility Client IPC Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132761"
},
{
"title": "Cisco: Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-anyconnect-ipc-KfQO9QhK"
},
{
"title": "sec-daily-2020",
"trust": 0.1,
"url": "https://github.com/alphaSeclab/sec-daily-2020 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-3556"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-332"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-anyconnect-ipc-kfqo9qhk"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3556"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3822/"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-anyconnect-secure-mobility-client-code-execution-via-ipc-33812"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3822.4/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-181681"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-332"
},
{
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-181681"
},
{
"db": "VULMON",
"id": "CVE-2020-3556"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-332"
},
{
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-181681"
},
{
"date": "2020-11-06T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3556"
},
{
"date": "2021-06-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"date": "2020-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-332"
},
{
"date": "2020-11-06T19:15:14.657000",
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-181681"
},
{
"date": "2020-11-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3556"
},
{
"date": "2021-06-28T08:08:00",
"db": "JVNDB",
"id": "JVNDB-2020-013361"
},
{
"date": "2021-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-332"
},
{
"date": "2024-11-21T05:31:18.510000",
"db": "NVD",
"id": "CVE-2020-3556"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-332"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco\u00a0AnyConnect\u00a0Secure\u00a0Mobility\u00a0Client\u00a0 Software vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013361"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-332"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…