Rewterz Threat Advisory – CVE-2020-8477 – ICS: ABB System 800xA Information Manager
July 3, 2020Rewterz Threat Alert – ThiefQuest ransomware impersonating as Google Software Update program
July 3, 2020Rewterz Threat Advisory – CVE-2020-8477 – ICS: ABB System 800xA Information Manager
July 3, 2020Rewterz Threat Alert – ThiefQuest ransomware impersonating as Google Software Update program
July 3, 2020Severity
Medium
Analysis Summary
The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a denial of service condition. To exploit this vulnerability, the attacker would need to have valid credentials on the system.
Impact
Denial of service
Affected Vendors
Cisco
Affected Products
Cisco AnyConnect Secure Mobility Client for Mac OS releases earlier than 4.9.00086
Remediation
Refer to Cisco advisory for the list of affected products and upgraded patches.