CVE-2018-0373Improper Input Validation in Cisco Anyconnect Secure Mobility Client

CWE-20Improper Input Validation4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 77.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Anyconnect Secure Mobility Client
Timeline
PublishedJun 21
Latest updateMay 13

Description

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-c67c-4f8w-x4cx: A vulnerability in vpnva-62022-05-13
CVEList
CVE-2018-0373: A vulnerability in vpnva-62018-06-21

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability2018-06-20
CVE-2018-0373 — Improper Input Validation in Cisco | cvebase