ET EXPLOIT Cisco AnyConnect Path Traversal Priv Esc (CVE-2020-3153)

SID: 2030280Rev: 10 viewsHistory

Sourceet/open

CreatedJune 10, 2020

UpdatedJune 10, 2020

Classificationattempted-admin

alert tcp any any -> any 62522 (msg:"ET EXPLOIT Cisco AnyConnect Path Traversal Priv Esc (CVE-2020-3153)"; flow:established,to_server; content:"OCSC"; depth:4; content:"vpndownloader.exe"; distance:0; content:"|5c 2e 2e 2f|dbghelp.dll"; fast_pattern; distance:0; reference:url,ssd-disclosure.com/ssd-advisory-cisco-anyconnect-privilege-elevation-through-path-traversal; reference:url,gist.github.com/ykoster/aeaa893d68adbc5004aa873b3290acd1; reference:cve,2020-3153; classtype:attempted-admin; sid:2030280; rev:1; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, created_at 2020_06_10, cve CVE_2020_3153, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_06_10, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)

References

url	ssd-disclosure.com/ssd-advisory-cisco-anyconnect-privilege-elevation-through-path-traversal
url	gist.github.com/ykoster/aeaa893d68adbc5004aa873b3290acd1
cve	2020-3153

Metadata

affected productWindows_XP_Vista_7_8_10_Server_32_64_Bit

created at2020_06_10

cveCVE-2020-3153

deploymentInternal

confidenceHigh

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_06_10

mitre tactic idTA0007

mitre tactic nameDiscovery

mitre technique idT1083

mitre technique nameFile_And_Directory_Discovery

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!