How severe is CVE-2020-3153?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2020-3153?

This is classified as CWE-427, which is a common weakness in software security.

CVE-2020-3153

MEDIUM Year: 2020

CVSS v3 Score

6.5

Medium

CVSS v2 Score

4.9

Medium

Weakness Type

CWE-427

View all →

Vulnerability Description

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system.

CVE-2019-5694

MEDIUM

CVSS:6.5(Medium)

NVIDIA Windows GPU Display Driver, R390 driver version, contains a vulnerability in NVIDIA Control Panel in which it incorrectly loads Windows system DLLs without validating the path or signature (als...

CWE-4272019

CVE-2019-5695

MEDIUM

CVSS:6.5(Medium)

NVIDIA GeForce Experience (prior to 3.20.1) and Windows GPU Display Driver (all versions) contains a vulnerability in the local service provider component in which an attacker with local system and pr...

CWE-4272019

CVE-2020-24578

MEDIUM

CVSS:6.5(Medium)

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and dow...

CWE-4272020

CVE-2020-7358

MEDIUM

CVSS:6.5(Medium)

In AppSpider installer versions prior to 7.2.126, the AppSpider installer calls an executable which can be placed in the appropriate directory by an attacker with access to the local machine. This wou...

CWE-4272020

CVE-2020-9667

MEDIUM

CVSS:6.5(Medium)

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker with admin privileges could plant custom binaries and execut...

CWE-4272020

CVE-2020-9681

MEDIUM

CVSS:6.5(Medium)

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator,...

CWE-4272020

CVE-2020-3153

Vulnerability Description

Related Vulnerabilities

CVE-2019-5694

CVE-2019-5695

CVE-2020-24578

CVE-2020-7358

CVE-2020-9667

CVE-2020-9681