Lucene search
CiscoCVELIST:CVE-2017-3813HistoryFeb 09, 2017 - 5:00 p.m.
CVE-2017-3813
2017-02-0917:00:00
CWE-264
cisco
www.cve.org
7
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.
CNA Affected
[
{
"product": "Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Cisco AnyConnect Secure Mobility Client Software for Windows Versions prior to released versions 4.4.00243 and later and 4.3.05017 and later."
}
]
}
]Related
zdt
zdt
nessus
nessus
cisco
cisco
exploitpack
exploitpack
packetstorm
packetstorm
Cisco AnyConnect SBL 4.3.04027 Local Privilege Escalation
2017-03-02 00:00:00
prion
prion
Information disclosure
2017-02-09 17:59:00
seebug
seebug
Cisco AnyConnect SBL 4.3.04027 Local Privilege Escalation (CVE-2017-3813)
2017-03-03 00:00:00
cve
cve
CVE-2017-3813
2017-02-09 17:59:00
nvd
nvd
CVE-2017-3813
2017-02-09 17:59:00
exploitdb
exploitdb