Lucene search

[email protected]NVD:CVE-2016-9192

HistoryDec 14, 2016 - 12:59 a.m.

CVE-2016-9192

2016-12-1400:59:15

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).

Affected configurations

Nvd

Node

ciscoanyconnect_secure_mobility_clientMatch3.1\(60\)

ciscoanyconnect_secure_mobility_clientMatch3.1.0

ciscoanyconnect_secure_mobility_clientMatch3.1.02043

ciscoanyconnect_secure_mobility_clientMatch3.1.05182

ciscoanyconnect_secure_mobility_clientMatch3.1.05187

ciscoanyconnect_secure_mobility_clientMatch3.1.06073

ciscoanyconnect_secure_mobility_clientMatch3.1.07021

ciscoanyconnect_secure_mobility_clientMatch4.0\(48\)

ciscoanyconnect_secure_mobility_clientMatch4.0\(64\)

ciscoanyconnect_secure_mobility_clientMatch4.0\(2049\)

ciscoanyconnect_secure_mobility_clientMatch4.0.0

ciscoanyconnect_secure_mobility_clientMatch4.0.00048

ciscoanyconnect_secure_mobility_clientMatch4.0.00051

ciscoanyconnect_secure_mobility_clientMatch4.1\(8\)

ciscoanyconnect_secure_mobility_clientMatch4.1.0

ciscoanyconnect_secure_mobility_clientMatch4.2.0

ciscoanyconnect_secure_mobility_clientMatch4.2.04039

ciscoanyconnect_secure_mobility_clientMatch4.3.0

ciscoanyconnect_secure_mobility_clientMatch4.3.00748

ciscoanyconnect_secure_mobility_clientMatch4.3.01095

VendorProductVersionCPE
ciscoanyconnect_secure_mobility_client3.1(60)cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1\(60\):*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client3.1.0cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client3.1.02043cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.02043:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client3.1.05182cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05182:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client3.1.05187cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05187:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client3.1.06073cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.06073:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client3.1.07021cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.07021:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client4.0(48)cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(48\):*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client4.0(64)cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(64\):*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client4.0(2049)cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(2049\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	anyconnect_secure_mobility_client	3.1(60)	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1\(60\):::::::*
cisco	anyconnect_secure_mobility_client	3.1.0	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:::::::*
cisco	anyconnect_secure_mobility_client	3.1.02043	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.02043:::::::*
cisco	anyconnect_secure_mobility_client	3.1.05182	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05182:::::::*
cisco	anyconnect_secure_mobility_client	3.1.05187	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05187:::::::*
cisco	anyconnect_secure_mobility_client	3.1.06073	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.06073:::::::*
cisco	anyconnect_secure_mobility_client	3.1.07021	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.07021:::::::*
cisco	anyconnect_secure_mobility_client	4.0(48)	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(48\):::::::*
cisco	anyconnect_secure_mobility_client	4.0(64)	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(64\):::::::*
cisco	anyconnect_secure_mobility_client	4.0(2049)	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(2049\):::::::*

Rows per page:

1-10 of 201

References

www.securityfocus.com/bid/94770

www.securitytracker.com/id/1037409

github.com/nettitude/PoshC2/blob/master/Modules/CVE-2016-9192.ps1

github.com/serializingme/cve-2016-9192

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2016-9192

cisco1 cvelist1 cve1 nessus1 prion1