Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2016-6369

Published: 25/08/2016 Updated: 12/12/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Anyconnect Secure Mobility Client

Vulnerability Summary

Cisco AnyConnect Secure Mobility Client prior to 4.2.05015 and 4.3.x prior to 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco anyconnect secure mobility client 2.5.2006

cisco anyconnect secure mobility client 2.5.2011

cisco anyconnect secure mobility client 3.0.1047

cisco anyconnect secure mobility client 2.0.0343

cisco anyconnect secure mobility client 2.3.0185

cisco anyconnect secure mobility client 2.3.1003

cisco anyconnect secure mobility client 2.4.1012

cisco anyconnect secure mobility client 3.0.3054

cisco anyconnect secure mobility client 3.0.09266

cisco anyconnect secure mobility client 3.1.05182

cisco anyconnect secure mobility client 4.0\\(64\\)

cisco anyconnect secure mobility client 3.1.07021

cisco anyconnect secure mobility client 4.0\\(2049\\)

cisco anyconnect secure mobility client 4.2.04039

cisco anyconnect secure mobility client 4.3.00748

cisco anyconnect secure mobility client 2.5.2017

cisco anyconnect secure mobility client 2.5.2018

cisco anyconnect secure mobility client 2.5.2019

cisco anyconnect secure mobility client 2.5.3041

cisco anyconnect secure mobility client 2.5.3046

cisco anyconnect secure mobility client 2.5.3051

cisco anyconnect secure mobility client 2.5.3054

cisco anyconnect secure mobility client 2.5.3055

cisco anyconnect secure mobility client 2.4.0202

cisco anyconnect secure mobility client 3.1.05187

cisco anyconnect secure mobility client 3.1.06073

cisco anyconnect secure mobility client 4.0.00048

cisco anyconnect secure mobility client 4.0.00051

cisco anyconnect secure mobility client 2.5_base

cisco anyconnect secure mobility client 3.0.0

cisco anyconnect secure mobility client 2.5.0217

cisco anyconnect secure mobility client 2.1.0148

cisco anyconnect secure mobility client 2.2.0133

cisco anyconnect secure mobility client 2.2.0136

cisco anyconnect secure mobility client 2.2.0140

cisco anyconnect secure mobility client 3.0.5075

cisco anyconnect secure mobility client 3.0.5080

cisco anyconnect secure mobility client 3.1.0

cisco anyconnect secure mobility client 3.1.02043

cisco anyconnect secure mobility client 4.1.0

cisco anyconnect secure mobility client 4.0.0

cisco anyconnect secure mobility client 4.1\\(8\\)

cisco anyconnect secure mobility client 4.2.0

cisco anyconnect secure mobility client 2.5.2010

cisco anyconnect secure mobility client 2.5.2014

cisco anyconnect secure mobility client 3.0.0629

cisco anyconnect secure mobility client 3.0.2052

cisco anyconnect secure mobility client 2.3.0254

cisco anyconnect secure mobility client 2.3.2016

cisco anyconnect secure mobility client 3.0.3050

cisco anyconnect secure mobility client 3.0.4235

cisco anyconnect secure mobility client 3.0.09231

cisco anyconnect secure mobility client 3.0.09353

cisco anyconnect secure mobility client 4.0\\(48\\)

cisco anyconnect secure mobility client 3.1\\(60\\)

cisco anyconnect secure mobility client 4.3.0

cisco anyconnect secure mobility client 4.3.01095

Vendor Advisories

Cisco: Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account The vulnerability is due to incomplete input validation of path names and filenames of the file ...

References

CWE-264http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnecthttp://www.securitytracker.com/id/1036697http://www.securityfocus.com/bid/92625https://nvd.nist.govhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook