CVE-2016-6369

Опубликовано: 25 авг. 2016

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect
Vendor Advisory
http://www.securityfocus.com/bid/92625
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036697
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect
Vendor Advisory
http://www.securityfocus.com/bid/92625
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036697
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0.0343:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1.0148:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0133:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0136:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0140:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0185:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0254:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.1003:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.1012:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.0217:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2006:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2010:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2011:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2014:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2017:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2018:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2019:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3041:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3046:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3051:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3054:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3055:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5_base:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0629:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.1047:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.2052:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3050:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3054:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.4235:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5075:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5080:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09231:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09266:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09353:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1\(60\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.02043:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05182:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05187:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.06073:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.07021:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(48\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(64\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(2049\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00048:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00051:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1\(8\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.04039:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.00748:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.01095:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00099

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-2gmp-cvhp-m5qp