The US Cybersecurity and Infrastructure Security Agency (CISA) has added two Cisco and four Gigabyte vulnerabilities to its Known Exploited Vulnerabilities catalog. Only one of the Gigabyte vulnerabilities had previously been linked to attacks.
The two Cisco vulnerabilities, CVE-2020-3433 and CVE-2020-3153, affect the AnyConnect Secure Mobility Client for Windows. A local, authenticated attacker can use them to execute arbitrary code and copy files with elevated privileges to any location.
Technical details and proof-of-concept (PoC) code are available for both flaws, but SecurityWeek was unable to locate any publicly available reports describing how to exploit them. Cisco currently states in its advisories for CVE-2020-3433 and CVE-2020-3153 that it is not aware of malicious exploitation.