CVE-2013-1172 — Improper Input Validation in Cisco Anyconnect Secure Mobility Client

CWE-20 — Improper Input Validation CWE-2645 documents5 sources

Severity

6.6MEDIUMNVD

EPSS

0.1%

top 75.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedApr 11

Latest updateMay 17

Description

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 2.7 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client57 versions+56

🔴Vulnerability Details

GHSA

GHSA-hh2p-9vch-wghh: The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local u↗2022-05-17

▶

CVEList

CVE-2013-1172: The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local u↗2013-04-11

▶

💥Exploits & PoCs

Exploit-DB

WordPress Plugin Category Grid View Gallery - 'ID' Cross-Site Scripting↗2013-07-02

▶

📋Vendor Advisories

Cisco

Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Privilege Elevation Vulnerability↗2013-04-11

▶