CVE-2020-3433 and CVE-2020-3153 are both vulnerabilities in Cisco's AnyConnect Secure Mobility Client for Windows. A local, authorised attacker can use them to execute arbitrary code and copy files with elevated rights to any destination.
Technical details and proof-of-concept (PoC) code are available for both issues, but SecurityWeek was unable to locate any publicly published reports outlining how to exploit the flaws. Cisco presently states in its advisories for CVE-2020-3433 and CVE-2020-3153 that it is not aware of malicious exploitation.