Rewterz Threat Advisory – CVE-2020-12516 – ICS: WAGO Series 750-88x and 750-352
November 4, 2020Rewterz Threat Advisory – Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability
November 5, 2020Rewterz Threat Advisory – CVE-2020-12516 – ICS: WAGO Series 750-88x and 750-352
November 4, 2020Rewterz Threat Advisory – Cisco Webex Meetings Desktop App Arbitrary Code Execution Vulnerability
November 5, 2020Severity
High
Analysis Summary
CVE-2020-3556
The vulnerability is due to a lack of authentication to the IPC listener. An attacker could exploit this vulnerability by sending crafted IPC messages to the AnyConnect client IPC listener. A successful exploit could allow an attacker to cause the targeted AnyConnect user to execute a script. This script would execute with the privileges of the targeted AnyConnect user.
Impact
Arbitrary Code Execution
Affected Vendors
Cisco
Affected Products
- AnyConnect Secure Mobility Client for Linux
- AnyConnect Secure Mobility Client for MacOS
- AnyConnect Secure Mobility Client for Windows
Remediation
Refer to Cisco advisory for the complete list of affected products and their respective patches.