CVE-2016-9192 — Cisco Anyconnect Secure Mobility Client vulnerability

CWE-2644 documents4 sources

Severity

7.8HIGHNVD

EPSS

31.1%

top 3.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client Cisco Anyconnect Secure Mobility Client

Timeline

PublishedDec 14

Latest updateMay 17

Description

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/anyconnect_secure_mobility_client20 versions+19

▶CVEListV5cisco/cisco_anyconnect_secure_mobility_clientCisco AnyConnect Secure Mobility Client

🔴Vulnerability Details

GHSA

GHSA-pw88-gjwv-2cw5: A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrar↗2022-05-17

▶

CVEList

CVE-2016-9192: A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrar↗2016-12-14

▶

📋Vendor Advisories

Cisco

Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability↗2016-12-07

▶