A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-08-17T18:00:57.968215Z
Updated: 2024-11-13T18:15:09.081Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3435
Vulnrichment
Updated: 2024-08-04T07:37:54.683Z
NVD
Status : Modified
Published: 2020-08-17T18:15:13.197
Modified: 2024-11-21T05:31:03.753
Link: CVE-2020-3435
Redhat
No data.