Hackers Actively Exploiting Cisco AnyConnect and GIGABYTE Drivers Vulnerabilities


Cisco has warned of active exploitation attempts targeting a pair of two-year-old security flaws in the Cisco AnyConnect Secure Mobility Client for Windows.

Tracked as CVE-2020-3153 (CVSS score: 6.5) and CVE-2020-3433 (CVSS score: 7.8), the vulnerabilities could enable local authenticated attackers to perform DLL hijacking and copy arbitrary files to system directories with elevated privileges.

While CVE-2020-3153 was addressed by Cisco in February 2020, a fix for CVE-2020-3433 was shipped in August 2020.

“In October 2022, the Cisco Product Security Incident Response Team became aware of additional attempted exploitation of this vulnerability in the wild,” the networking equipment maker said in an updated advisory.

“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.”

The alert comes as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) moved to add the two flaws to its Known Exploited Vulnerabilities (KEV) catalog, alongside four bugs in GIGABYTE drivers, citing evidence of active abuse in the wild.

The vulnerabilities (assigned the identifiers CVE-2018-19320, CVE-2018-19321, CVE-2018-19322, and CVE-2018-19323, and patched in May 2020) could allow an attacker to escalate privileges and run malicious code to take full control of an affected system.


The development also follows a comprehensive report released by Singapore-based Group-IB last week detailing the tactics adopted by a Russian-speaking ransomware group dubbed OldGremlin in its attacks aimed at entities operating in the country.

Chief among its techniques for gaining initial access is the exploitation of the above-stated Cisco AnyConnect flaws, with the GIGABYTE driver weaknesses employed to disarm security software, the latter of which has also been put to use by the BlackByte ransomware group.
