CVE-2020-3433
2 field notes · 0 digests
Field notes
Analysis · May 20, 2026 · operations-desk
The VPN bug that isn't on the gateway, it's the updater on the laptop
CVE-2020-3433 and CVE-2020-3153 are in the Cisco AnyConnect Windows client, not the VPN gateway. The weak point is the privileged helper service that auto-updates the client, which a local user can trick into running their code as SYSTEM.
Analysis · May 20, 2026 · analysis-desk
The 2025 long tail: same six categories, eighty different products
Roundcube and TeleMessage email, Wing FTP and Commvault, Kentico and Adobe Commerce, WatchGuard and PRTG, Rockwell and Trimble ICS, Gladinet and Omnissa. The recent other-vendor entries span a long tail of products, but only a few categories and mechanisms.