Lucene search

[email protected]CVE-2018-0373

HistoryJun 21, 2018 - 11:29 a.m.

CVE-2018-0373

2018-06-2111:29:00

CWE-20

[email protected]

web.nvd.nist.gov

cisco

anyconnect

windows

vulnerability

vpnva-6.sys

vpnva64-6.sys

dos

denial of service

cisco bug ids

cscvj47654.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654.

CPENameOperatorVersion
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(58\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(1044\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(2033\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(2036\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(3040\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(4029\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.5\(5030\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.6\(362\)
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq4.6\(1098\)

CPE	Name	Operator	Version
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(58\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(1044\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(2033\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(2036\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(3040\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(4029\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.5\(5030\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.6\(362\)
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	4.6\(1098\)

References

www.securityfocus.com/bid/104548

www.securitytracker.com/id/1041176

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.7 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2018-0373

prion1 cvelist1 cisco1