Cisco: CISCO-SA-20130411-CVE-2013-1173
Apr 11, 2013 - 7:57 p.m.

Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Heap Overflow Vulnerability

2013-04-11 19:57:23
tools.cisco.com
CVSS2: 6.6 Medium
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 5.1%

The Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop contains a heap overflow vulnerability that could allow a local, unprivileged user to elevate their privileges to those of SYSTEM.

Cisco has confirmed the vulnerability in a security notice, and software updates are available.

To exploit this vulnerability, the attacker must have local access to a targeted system. This access restriction limits the possibility of a successful exploit.

Customers are advised to review the bug report in the Vendor Announcements section for a current list of affected versions.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

cisco secure_desktop (match: any)
OR
cisco anyconnect_secure_mobility_client (match: any)
OR
cisco secure_desktop (match: any)
OR
cisco anyconnect_secure_mobility_client (match: any)
