Lucene search

[email protected]CVE-2016-6369

HistoryAug 25, 2016 - 9:59 p.m.

CVE-2016-6369

2016-08-2521:59:05

CWE-264

[email protected]

web.nvd.nist.gov

cisco

anyconnect

secure mobility client

privilege escalation

vulnerability

cve-2016-6369

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

Affected configurations

NVD

Node

ciscoanyconnect_secure_mobility_clientMatch2.0.0343

ciscoanyconnect_secure_mobility_clientMatch2.1.0148

ciscoanyconnect_secure_mobility_clientMatch2.2.0133

ciscoanyconnect_secure_mobility_clientMatch2.2.0136

ciscoanyconnect_secure_mobility_clientMatch2.2.0140

ciscoanyconnect_secure_mobility_clientMatch2.3.0185

ciscoanyconnect_secure_mobility_clientMatch2.3.0254

ciscoanyconnect_secure_mobility_clientMatch2.3.1003

ciscoanyconnect_secure_mobility_clientMatch2.3.2016

ciscoanyconnect_secure_mobility_clientMatch2.4.0202

ciscoanyconnect_secure_mobility_clientMatch2.4.1012

ciscoanyconnect_secure_mobility_clientMatch2.5.0217

ciscoanyconnect_secure_mobility_clientMatch2.5.2006

ciscoanyconnect_secure_mobility_clientMatch2.5.2010

ciscoanyconnect_secure_mobility_clientMatch2.5.2011

ciscoanyconnect_secure_mobility_clientMatch2.5.2014

ciscoanyconnect_secure_mobility_clientMatch2.5.2017

ciscoanyconnect_secure_mobility_clientMatch2.5.2018

ciscoanyconnect_secure_mobility_clientMatch2.5.2019

ciscoanyconnect_secure_mobility_clientMatch2.5.3041

ciscoanyconnect_secure_mobility_clientMatch2.5.3046

ciscoanyconnect_secure_mobility_clientMatch2.5.3051

ciscoanyconnect_secure_mobility_clientMatch2.5.3054

ciscoanyconnect_secure_mobility_clientMatch2.5.3055

ciscoanyconnect_secure_mobility_clientMatch2.5_base

ciscoanyconnect_secure_mobility_clientMatch3.0.0

ciscoanyconnect_secure_mobility_clientMatch3.0.0629

ciscoanyconnect_secure_mobility_clientMatch3.0.1047

ciscoanyconnect_secure_mobility_clientMatch3.0.2052

ciscoanyconnect_secure_mobility_clientMatch3.0.3050

ciscoanyconnect_secure_mobility_clientMatch3.0.3054

ciscoanyconnect_secure_mobility_clientMatch3.0.4235

ciscoanyconnect_secure_mobility_clientMatch3.0.5075

ciscoanyconnect_secure_mobility_clientMatch3.0.5080

ciscoanyconnect_secure_mobility_clientMatch3.0.09231

ciscoanyconnect_secure_mobility_clientMatch3.0.09266

ciscoanyconnect_secure_mobility_clientMatch3.0.09353

ciscoanyconnect_secure_mobility_clientMatch3.1\(60\)

ciscoanyconnect_secure_mobility_clientMatch3.1.0

ciscoanyconnect_secure_mobility_clientMatch3.1.02043

ciscoanyconnect_secure_mobility_clientMatch3.1.05182

ciscoanyconnect_secure_mobility_clientMatch3.1.05187

ciscoanyconnect_secure_mobility_clientMatch3.1.06073

ciscoanyconnect_secure_mobility_clientMatch3.1.07021

ciscoanyconnect_secure_mobility_clientMatch4.0\(48\)

ciscoanyconnect_secure_mobility_clientMatch4.0\(64\)

ciscoanyconnect_secure_mobility_clientMatch4.0\(2049\)

ciscoanyconnect_secure_mobility_clientMatch4.0.0

ciscoanyconnect_secure_mobility_clientMatch4.0.00048

ciscoanyconnect_secure_mobility_clientMatch4.0.00051

ciscoanyconnect_secure_mobility_clientMatch4.1\(8\)

ciscoanyconnect_secure_mobility_clientMatch4.1.0

ciscoanyconnect_secure_mobility_clientMatch4.2.0

ciscoanyconnect_secure_mobility_clientMatch4.2.04039

ciscoanyconnect_secure_mobility_clientMatch4.3.0

ciscoanyconnect_secure_mobility_clientMatch4.3.00748

ciscoanyconnect_secure_mobility_clientMatch4.3.01095

CPENameOperatorVersion
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.0.0343
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.1.0148
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.2.0133
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.2.0136
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.2.0140
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.3.0185
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.3.0254
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.3.1003
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.3.2016
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq2.4.0202

CPE	Name	Operator	Version
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.0.0343
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.1.0148
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.2.0133
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.2.0136
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.2.0140
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.3.0185
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.3.0254
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.3.1003
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.3.2016
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	2.4.0202

Rows per page:

1-10 of 571

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect

www.securityfocus.com/bid/92625

www.securitytracker.com/id/1036697

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-6369

cvelist1 cisco1 nessus1 prion1 nvd1