Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2017-6638

Published: 08/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Anyconnect Secure Mobility Client

Vulnerability Summary

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local malicious user to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the malicious user to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions before 4.4.02034. Cisco Bug IDs: CSCvc97928.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco anyconnect secure mobility client

Vendor Advisories

Cisco: Cisco AnyConnect Local Privilege Escalation Vulnerability
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account The vulnerability is due to incomplete input validation of path and file names of a DLL file bef ...

Github Repositories

https://github.com/srozb/anypwn

Pwn any Anyconnect (except those patched).

AnyPwn Pwn any Anyconnect (except those patched) This repo summarizes the fun I had playing with Cisco Anyconnect VPN Mobility Client It's more like a framework to craft malicious CIPC messages and fuzz the vpnserviceexe Hope to get back to this one day My take on CVE-2020-3153 implements a slight difference in payload to evade Symantec HIPS Exploits implemented so f

References

CWE-20https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-anyconnecthttp://www.securityfocus.com/bid/98938http://www.securitytracker.com/id/1038627https://nvd.nist.govhttps://github.com/srozb/anypwnhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-anyconnect
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook