The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco AnyConnect Secure Mobility Client

computer vulnerability bulletin CVE-2018-0373

Cisco AnyConnect Secure Mobility Client for Windows Desktop: denial of service

Synthesis of the vulnerability

An attacker can generate a fatal error of Cisco AnyConnect Secure Mobility Client for Windows Desktop, in order to trigger a denial of service.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 21/06/2018.
Identifiers: CERTFR-2018-AVI-298, cisco-sa-20180620-anyconnect-dos, CSCvj47654, CVE-2018-0373, VIGILANCE-VUL-26468.

Description of the vulnerability

An attacker can generate a fatal error of Cisco AnyConnect Secure Mobility Client for Windows Desktop, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-0334

Cisco AnyConnect: information disclosure via Certificate Management Subsystem

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Certificate Management Subsystem of Cisco AnyConnect, in order to obtain sensitive information.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, CSCvh23141, CVE-2018-0334, VIGILANCE-VUL-26339.

Description of the vulnerability

An attacker can bypass access restrictions to data via Certificate Management Subsystem of Cisco AnyConnect, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-0229

Cisco ASA, Cisco AnyConnect: privilege escalation via SAML Authentication Session Fixation

Synthesis of the vulnerability

An attacker can bypass restrictions via SAML Authentication Session Fixation of Cisco ASA and Cisco AnyConnect, in order to escalate his privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client, ASA.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 19/04/2018.
Identifiers: CERTFR-2018-AVI-194, cisco-sa-20180418-asaanyconnect, CSCvg65072, CSCvh87448, CVE-2018-0229, VIGILANCE-VUL-25923.

Description of the vulnerability

An attacker can bypass restrictions via SAML Authentication Session Fixation of Cisco ASA and Cisco AnyConnect, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2018-0100

Cisco AnyConnect: external XML entity injection via Profile Editor

Synthesis of the vulnerability

An attacker can transmit malicious XML data via Profile Editor to Cisco AnyConnect, in order to read a file, scan sites, or trigger a denial of service.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 2/4.
Consequences: data reading, denial of service on service.
Provenance: document.
Creation date: 18/01/2018.
Identifiers: cisco-sa-20180117-acpe, CSCvg19341, CVE-2018-0100, VIGILANCE-VUL-25117.

Description of the vulnerability

XML data can contain external entities (DTD):
  <!ENTITY name SYSTEM "file">
  <!ENTITY name SYSTEM "http://server/file">
A program which reads these XML data can replace these entities by data coming from the indicated file. When the program uses XML data coming from an untrusted source, this behavior leads to:
 - content disclosure from files of the server
 - private web site scan
 - a denial of service by opening a blocking file
This feature must be disabled to process XML data coming from an untrusted source.

However, the Cisco AnyConnect parser allows external entities.

An attacker can therefore transmit malicious XML data via Profile Editor to Cisco AnyConnect, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-13077 CVE-2017-13078 CVE-2017-13079

WPA2: information disclosure via Key Reinstallation Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, ArubaOS, Cisco Aironet, Cisco AnyConnect Secure Mobility Client, ASA, Meraki MR***, Cisco IP Phone, Cisco Wireless IP Phone, Debian, Fedora, FortiGate, FortiOS, FreeBSD, Android OS, Junos OS, SSG, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, openSUSE Leap, pfSense, 802.11 protocol, RHEL, RuggedSwitch, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: data reading.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 10.
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.

Description of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-12268

Cisco AnyConnect Secure Mobility Client: privilege escalation via NAM

Synthesis of the vulnerability

An attacker can bypass restrictions via NAM of Cisco AnyConnect Secure Mobility Client, in order to escalate his privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data flow.
Provenance: user account.
Creation date: 05/10/2017.
Identifiers: CERTFR-2017-AVI-333, cisco-sa-20171004-anam, CSCvf66539, CVE-2017-12268, VIGILANCE-VUL-24028.

Description of the vulnerability

An attacker can bypass restrictions via NAM of Cisco AnyConnect Secure Mobility Client, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2017-6788

Cisco AnyConnect Secure Mobility Client: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco AnyConnect Secure Mobility Client, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 17/08/2017.
Identifiers: CERTFR-2017-AVI-269, cisco-sa-20170816-caw, CSCvf12055, CVE-2017-6788, VIGILANCE-VUL-23557.

Description of the vulnerability

The Cisco AnyConnect Secure Mobility Client product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cisco AnyConnect Secure Mobility Client, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-6638

Cisco AnyConnect Secure Mobility Client: executing DLL code

Synthesis of the vulnerability

An attacker can create a malicious DLL, and then put it in the current directory of Cisco AnyConnect Secure Mobility Client for MS-Windows, in order to run code with the system privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 08/06/2017.
Identifiers: CERTFR-2017-AVI-171, cisco-sa-20170607-anyconnect, CVE-2017-6638, VIGILANCE-VUL-22920.

Description of the vulnerability

The Cisco AnyConnect Secure Mobility Client product uses external shared libraries (DLL).

However, if the working directory contains a malicious DLL, it is automatically loaded.

An attacker can therefore create a malicious DLL, and then put it in the current directory of Cisco AnyConnect Secure Mobility Client for MS-Windows, in order to run code with the system privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2017-3813

Cisco AnyConnect Secure Mobility Client: privilege escalation via Start Before Logon

Synthesis of the vulnerability

An attacker can bypass restrictions via Start Before Logon of Cisco AnyConnect Secure Mobility Client, in order to escalate his privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 08/02/2017.
Identifiers: CERTFR-2017-AVI-043, cisco-sa-20170208-anyconnect, CSCvc43976, CVE-2017-3813, VIGILANCE-VUL-21781.

Description of the vulnerability

An attacker can bypass restrictions via Start Before Logon of Cisco AnyConnect Secure Mobility Client, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-7053 CVE-2016-7054 CVE-2016-7055

OpenSSL 1.1: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL 1.1.
Impacted products: Cisco ASR, Cisco Aironet, Cisco ATA, Cisco AnyConnect Secure Mobility Client, ASA, AsyncOS, Cisco ESA, IOS by Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Cisco Prime LMS, Cisco Router, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco IP Phone, Cisco MeetingPlace, Cisco Wireless IP Phone, Cisco Wireless Controller, NetWorker, VNX Operating Environment, VNX Series, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiOS, IRAD, Tivoli Storage Manager, Junos OS, Juniper Network Connect, NSM Central Manager, NSMXpress, SRX-Series, MySQL Community, MySQL Enterprise, Data ONTAP, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Identity Management, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, WebLogic, Oracle Web Tier, Percona Server, pfSense, Pulse Connect Secure, Pulse Secure Client.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 10/11/2016.
Revision date: 13/12/2016.
Identifiers: 2004036, 2004940, 2011567, 492284, 492616, bulletinapr2017, CERTFR-2018-AVI-343, cisco-sa-20161114-openssl, cpuapr2019, cpujan2018, cpujul2017, CVE-2016-7053, CVE-2016-7054, CVE-2016-7055, ESA-2016-148, ESA-2016-149, FG-IR-17-019, JSA10775, NTAP-20170127-0001, NTAP-20170310-0002, NTAP-20180201-0001, openSUSE-SU-2017:0527-1, openSUSE-SU-2017:0941-1, openSUSE-SU-2018:0458-1, SA40423, VIGILANCE-VUL-21093.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL 1.1.

An attacker can generate a buffer overflow via ChaCha20/Poly1305, in order to trigger a denial of service. [severity:2/4; CVE-2016-7054]

An attacker can force a NULL pointer to be dereferenced via CMS Structures, in order to trigger a denial of service. [severity:2/4; CVE-2016-7053]

An error occurs in the Broadwell-specific Montgomery Multiplication Procedure, but with no apparent impact. [severity:1/4; CVE-2016-7055]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco AnyConnect Secure Mobility Client: