CVE-2020-27123

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device.

Published: Nov 6, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-27123
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:C/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
cisco / anyconnect_secure_mobility_client	-	4.9.03047

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-file-read-LsvDD6Uh

Vulnerability Database

289,784

CVE-2020-27123