{"uuid": "26f10523-1b8b-4188-ae19-9b26a76e27ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-3153", "type": "seen", "source": "https://t.me/arpsyndicate/244", "content": "#ExploitObserverAlert\n\nCVE-2020-3153\n\nDESCRIPTION: Exploit Observer has 25 entries related to CVE-2020-3153. A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.\n\nFIRST-EPSS: 0.000830000\nNVD-IS: 4.0\nNVD-ES: 2.0", "creation_timestamp": "2023-11-17T08:58:02.000000Z"}