Lucene search
HistoryAug 25, 2016 - 9:59 p.m.
CVE-2016-6369
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0
Percentile
5.1%
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
Affected configurations
Node
ciscoanyconnect_secure_mobility_clientMatch2.0.0343
ORciscoanyconnect_secure_mobility_clientMatch2.1.0148
ORciscoanyconnect_secure_mobility_clientMatch2.2.0133
ORciscoanyconnect_secure_mobility_clientMatch2.2.0136
ORciscoanyconnect_secure_mobility_clientMatch2.2.0140
ORciscoanyconnect_secure_mobility_clientMatch2.3.0185
ORciscoanyconnect_secure_mobility_clientMatch2.3.0254
ORciscoanyconnect_secure_mobility_clientMatch2.3.1003
ORciscoanyconnect_secure_mobility_clientMatch2.3.2016
ORciscoanyconnect_secure_mobility_clientMatch2.4.0202
ORciscoanyconnect_secure_mobility_clientMatch2.4.1012
ORciscoanyconnect_secure_mobility_clientMatch2.5.0217
ORciscoanyconnect_secure_mobility_clientMatch2.5.2006
ORciscoanyconnect_secure_mobility_clientMatch2.5.2010
ORciscoanyconnect_secure_mobility_clientMatch2.5.2011
ORciscoanyconnect_secure_mobility_clientMatch2.5.2014
ORciscoanyconnect_secure_mobility_clientMatch2.5.2017
ORciscoanyconnect_secure_mobility_clientMatch2.5.2018
ORciscoanyconnect_secure_mobility_clientMatch2.5.2019
ORciscoanyconnect_secure_mobility_clientMatch2.5.3041
ORciscoanyconnect_secure_mobility_clientMatch2.5.3046
ORciscoanyconnect_secure_mobility_clientMatch2.5.3051
ORciscoanyconnect_secure_mobility_clientMatch2.5.3054
ORciscoanyconnect_secure_mobility_clientMatch2.5.3055
ORciscoanyconnect_secure_mobility_clientMatch2.5_base
ORciscoanyconnect_secure_mobility_clientMatch3.0.0
ORciscoanyconnect_secure_mobility_clientMatch3.0.0629
ORciscoanyconnect_secure_mobility_clientMatch3.0.1047
ORciscoanyconnect_secure_mobility_clientMatch3.0.2052
ORciscoanyconnect_secure_mobility_clientMatch3.0.3050
ORciscoanyconnect_secure_mobility_clientMatch3.0.3054
ORciscoanyconnect_secure_mobility_clientMatch3.0.4235
ORciscoanyconnect_secure_mobility_clientMatch3.0.5075
ORciscoanyconnect_secure_mobility_clientMatch3.0.5080
ORciscoanyconnect_secure_mobility_clientMatch3.0.09231
ORciscoanyconnect_secure_mobility_clientMatch3.0.09266
ORciscoanyconnect_secure_mobility_clientMatch3.0.09353
ORciscoanyconnect_secure_mobility_clientMatch3.1\(60\)
ORciscoanyconnect_secure_mobility_clientMatch3.1.0
ORciscoanyconnect_secure_mobility_clientMatch3.1.02043
ORciscoanyconnect_secure_mobility_clientMatch3.1.05182
ORciscoanyconnect_secure_mobility_clientMatch3.1.05187
ORciscoanyconnect_secure_mobility_clientMatch3.1.06073
ORciscoanyconnect_secure_mobility_clientMatch3.1.07021
ORciscoanyconnect_secure_mobility_clientMatch4.0\(48\)
ORciscoanyconnect_secure_mobility_clientMatch4.0\(64\)
ORciscoanyconnect_secure_mobility_clientMatch4.0\(2049\)
ORciscoanyconnect_secure_mobility_clientMatch4.0.0
ORciscoanyconnect_secure_mobility_clientMatch4.0.00048
ORciscoanyconnect_secure_mobility_clientMatch4.0.00051
ORciscoanyconnect_secure_mobility_clientMatch4.1\(8\)
ORciscoanyconnect_secure_mobility_clientMatch4.1.0
ORciscoanyconnect_secure_mobility_clientMatch4.2.0
ORciscoanyconnect_secure_mobility_clientMatch4.2.04039
ORciscoanyconnect_secure_mobility_clientMatch4.3.0
ORciscoanyconnect_secure_mobility_clientMatch4.3.00748
ORciscoanyconnect_secure_mobility_clientMatch4.3.01095
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | anyconnect_secure_mobility_client | 2.0.0343 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0.0343:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.1.0148 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1.0148:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.2.0133 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0133:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.2.0136 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0136:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.2.0140 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0140:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.3.0185 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0185:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.3.0254 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0254:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.3.1003 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.1003:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.3.2016 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:*:*:*:*:*:*:* |
| cisco | anyconnect_secure_mobility_client | 2.4.0202 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2016-6369
2016-08-25 21:00:00
cisco
cisco
cve
cve
CVE-2016-6369
2016-08-25 21:59:05
nessus
nessus
prion
prion
Code injection
2016-08-25 21:59:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.6
Confidence
High
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2016-6369