CVE-2017-6788 — Cross-site Scripting in Systems INC Anyconnect Weblaunch

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 53.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Systems INC Anyconnect Weblaunch Cisco Anyconnect Secure Mobility Client

Timeline

PublishedAug 17

Latest updateMay 17

Description

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepti…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDcisco/anyconnect_secure_mobility_client4.4\(4027\), 4.5\(58\)+1

▶CVEListV5cisco_systems_inc/anyconnect_weblaunch98.89(40)

🔴Vulnerability Details

GHSA

GHSA-rg93-gvp9-mv6g: The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote a↗2022-05-17

▶

CVEList

CVE-2017-6788: The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote a↗2017-08-17

▶

📋Vendor Advisories

Cisco

Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability↗2017-08-16

▶