- Product
Product Overview
Sophisticated security with unmatched simplicityCloud SIEM
Pre-configured detections across your environmentHoneypots
Deception technology to detect lateral movementEndpoint Visibility
Real-time monitoring with added detection & responseSecurity Reports
Data visualizations, compliance reports, and executive summariesAutomated Response
Detect, prioritize, and neutralize threats around the clockIntegrations
Cloud, on-prem, and open API connectionsXDR Platform
A complete view to identify risk, and things operational
- Pricing
- Why Blumira
Why Blumira
The Security Operations platform IT teams loveWatch A Demo
See Blumira in action and how it builds operational resilienceUse Cases
A unified security solution for every challengePricing
Unlimited data and predictable pricing structureCompany
Our human-centered approach to cybersecurityCompare Blumira
Find out how Blumira stacks up to similar security toolsIntegrations
Cloud, on-prem, and open API connectionsCustomer Stories
Learn how others like you found success with Blumira
- Solutions
- Partners
- Resources
November 9, 2020
Last week, Cisco disclosed a zero-day vulnerability (CVE-2020-3556) that has proof-of-concept exploit code publicly available. It affects their AnyConnect Secure Mobility Client software, an endpoint tool that connects users to enterprise networks via virtual private network (VPN). The vulnerability was reported by Gerbert Roitburd from Secure Mobile Networking Lab (TU Darmstadt).
How It Works
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client allows for an authenticated and local attacker to execute malicious scripts via a targeted user.
Due to lack of authentication to the IPC listener, an attacker could exploit this vulnerability by sending IPC messages to the AnyConnect client IPC listener – resulting in script execution with the privileges of a targeted AnyConnect user, according to Cisco.
For successful exploitation, an attacker would need valid user credentials of the system running the AnyConnect client. They would also need to log into the system during an active AnyConnect session, and gain access to privileges to execute code on that system.
Who is Affected
CVE-2020-3556 affects the AnyConnect Secure Mobility Client for Linux, MacOS, and Windows if they have Bypass Downloader set to its default value of false.
You can verify your Bypass Downloader configuration by opening AnyConnectLocalPolicy.xml file and searching for <BypassDownloader>false</BypassDownloader>
If your Bypass Downloader is set to true, the device is not affected by this vulnerability, according to Cisco.
This vulnerability doesn’t affect the AnyConnect client for Apple iOS or Android.
Mitigation for CVE-2020-3556
There are currently no software updates available to address the AnyConnect zero-day, CVE-2020-3556. Cisco plans to fix this vulnerability in a future release of Cisco AnyConnect Secure Mobility Client software.
Additional Resources
Cisco’s Security Advisory for CVE-2020-3556
AnyConnect Integration
Blumira’s cloud SIEM integrates easily with Cisco AnyConnect to start detecting threats immediately and automating response. Learn more about Blumira’s Cisco AnyConnect integration (logs delivered through ASA firewall & FTD Firepower Threat Defense).
Get a free 14-day trial and deploy in hours to realize value right away:
More from the blog
View All Posts
Security Trends and Info
9 min read
| July 24, 2025
Critical Microsoft SharePoint Server vulnerability allows unauthorized code execution
Read More
Security Alerts
6 min read
| July 1, 2024
New Unauthenticated Remote Code Execution Flaw Identified in OpenSSH Server
Read More
Security Alerts
5 min read
| April 12, 2024
CVE-2024-3400: Palo Alto Vulnerabilities in GlobalProtect Gateway Lead to RCE
Read More