Directory Path Mismanagement in Cisco AnyConnect Secure Mobility Client for Mac OS
CVE-2020-3432
5.6 MEDIUM
Summary
A vulnerability exists in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS, allowing an authenticated local attacker to exploit the improper handling of directory paths. By creating a symbolic link to a targeted file, the attacker can potentially corrupt the contents of the file. The impact of this vulnerability can include the modification of critical system files, possibly leading to denial of service for applications relying on those files. Exploiting this vulnerability requires valid user credentials on the affected system.
Affected Version(s)
Cisco Secure Client
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
CVSS V3.0
Score: 5.6
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
- Exploit known to exist
- Vulnerability published