6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
The Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop contains multiple vulnerabilities that could allow a local, unprivileged user to elevate privileges to those of SYSTEM.
Cisco has confirmed the vulnerability in a security notice and software updates are available.
To exploit this vulnerability, the attacker must have local access to a targeted system. This access restriction limits the possibility of a successful exploit.
Customers are advised to review the bug report in the Vendor Announcements section for a current list of affected versions.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.