Security News > 2022 > October > Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities

Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities
2022-10-26 07:55

Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows.

Tracked as CVE-2020-3153 and CVE-2020-3433, the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.

While CVE-2020-3153 was addressed by Cisco in February 2020, a fix for CVE-2020-3433 was shipped in August 2020.

"In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild," the networking equipment maker said in an updated advisory.

The alert comes as the U.S. Cybersecurity and Infrastructure Security Agency moved to add the two flaws to its Known Exploited Vulnerabilities catalog, alongside four bugs in GIGABYTE drivers, citing evidence of active abuse in the wild.

Chief among its methods for gaining initial access is the exploitation of the above-stated Cisco AnyConnect flaws, with the GIGABYTE driver weaknesses employed to disarm security software, the latter of which has also been put to use by the BlackByte ransomware group.


News URL

https://thehackernews.com/2022/10/hackers-actively-exploiting-cisco.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-3433 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.
local
low complexity
cisco CWE-427
7.8
2020-02-19 CVE-2020-3153 Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client 4.8.00175/4.8.01090
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges.
local
low complexity
cisco CWE-427
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1773 1669 288 3751
Gigabyte 7 0 0 4 3 7