CVE-2017-6638

🗓️ 08 Jun 2017 13:00:00Reported by ciscoType

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows allows local attacker to install and run executable with SYSTEM account privileges

Reporter	Title	Published	Views	Family All 9
BDU FSTEC	The vulnerability in the loading of DLL files of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to install or execute a file with privileges equivalent to those of a Microsoft Windows system administrator account.	23 Jun 201700:00	–	bdu_fstec
Cisco	Cisco AnyConnect Local Privilege Escalation Vulnerability	7 Jun 201716:00	–	cisco
Tenable Nessus	Cisco AnyConnect Secure Mobility Client < 4.4.02034 Local Privilege Escalation	14 Jun 201700:00	–	nessus
CNVD	Cisco AnyConnect Secure Mobility Client Local Elevation of Privilege Vulnerability	9 Jun 201700:00	–	cnvd
Cvelist	CVE-2017-6638	8 Jun 201713:00	–	cvelist
EUVD	EUVD-2017-15692	7 Oct 202500:30	–	euvd
NVD	CVE-2017-6638	8 Jun 201713:29	–	nvd
OSV	CVE-2017-6638	8 Jun 201713:29	–	osv
Prion	Input validation	8 Jun 201713:29	–	prion

NVD

Node

cisco anyconnect_secure_mobility_clientRange≤4.4.00243

[
  {
    "product": "Cisco AnyConnect Local Privilege Escalation Vulnerability",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco AnyConnect Local Privilege Escalation Vulnerability"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/98938
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-anyconnect
securitytracker	www.securitytracker.com/id/1038627

17 Jun 2026 01:22Current

7.5High risk

Vulners AI Score7.5

CVSS 27.2

CVSS 37.8

EPSS0.00371