ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·10/24/2022
CVE-2020-3153 added to CISA KEV: Cisco AnyConnect Secure
Status: ✅ Confirmed exploited in the wild
Date added: 2022-10-24
Required action: Apply updates per vendor instructions.
Due date: 2022-11-14
Why this matters
Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.