Cisco VPN Exploit CVE-2020-3153

  • by

The other day I encountered the Cisco VPN software for Windows during an assessment. With a quick search on the internet it seemed that this version is vulnerable for privilege escalation through path traversal. This is written in CVE-2020-3153

I found a github repository which has an exploit for this vulnerability. So here it is. I used the XML version because defender did detect the exe file as malicious. Download the files in the github repo and open a CMD window. type or paste C:\Windows\Microsoft.Net\Framework64\v4.0.30319\MSBuild.exe c:\path\to\CVE-2020-3153.xml and hit enter.

When the exploit is successful, it will open a new CMD window as system

I also made a video about this.

Leave a Reply

Your email address will not be published. Required fields are marked *