Convolutional neural networks (CNN) is a popular architecture in machine learning for its predictive power, notably in computer vision and medical image analysis. Its great predictive power requires extensive computation, which encourages model owners to host the prediction service in a cloud platform. This article proposes a CNN prediction scheme that preserves privacy in the outsourced setting, i.e., the model-hosting server cannot learn the query, (intermediate) results, and the model. Similar to SecureML (S&P’17), a representative work that provides model privacy, we employ two non-colluding servers with secret sharing and triplet generation to minimize the usage of heavyweight cryptography. We made the following optimizations for both overall latency and accuracy. 1) We adopt asynchronous computation and SIMD for offline triplet generation and parallelizable online computation. 2) As MiniONN (CCS’17) and its improvement by the generic EzPC compiler (EuroS&P’19), we use a garbled circuit for the non-polynomial ReLU activation to keep the same accuracy as the underlying network (instead of approximating it in SecureML prediction). 3) For the pooling in CNN, we employ (linear) average-pooling, which achieves almost the same accuracy as the (non-linear, and hence less efficient) max-pooling exhibited by MiniONN and EzPC. Considering both offline and online costs, our experiments on the MNIST dataset show a latency reduction of $122\times$, $14.63\times$, and $36.69\times$ compared to SecureML, MiniONN, and EzPC; and a reduction of communication costs by $1.09\times$, $36.69\times$, and $31.32\times$, respectively. On the CIFAR dataset, our scheme achieves a lower latency by $7.14\times$ and $3.48\times$ and lower communication costs by $13.88\times$ and $77.46\times$ when compared with MiniONN and EzPC, respectively.