The networking equipment maker Cisco has warned that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.
Tracked as CVE-2020-3433 and CVE-2020-3153, the two vulnerabilities could allow local attackers to perform DLL hijacking attacks and copy files to system directories with SYSTEM privileges or execute arbitrary code on the system.
The bugs affect AnyConnect Secure Mobility Client for Windows and were patched by Cisco back in 2020.
“In October 2022, the Cisco PSIRT became aware of additional attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability,” Cisco said in an updated security advisory.
The US Cybersecurity and Infrastructure Security Agency (CISA) has also added the two flaws to its Known Exploited Vulnerabilities catalog.