Executive Summary

Title Cisco AnyConnect Secure Mobility Client for Windows SBL Privileges Escalation Vulnerability
Name cisco-sa-20170208-anyconnect First vendor Publication 2017-02-08
Vendor Cisco Last vendor Modification 2017-02-08
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user.

The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect


iQIcBAEBCgAGBQJYmzQYAAoJEK89gD3EAJB5ShwQANzEV1txdm9Sb7W+5YB7jt61 bkfUi8XQAHxI0BavOPY5DOwNAdAzqVhSXPyY6PLminlCCE2xoVd/+xkXVZjs/3bW 1BEZPkc408L0TCagT0JMwKSStvvKqyOBMFAblgOh/OtRHI8Yfkmxz8xEE0Zyx/oq KCcHwh9uiqBjPNTIos/oM7gf1BwXO9HW4NvsvSNjjS+xhDbEsf3Rev1lpHJdiEic JqFfHqgVs7mkd+A5q1MIINo/rSoAXu3Qu4oyNs0IYzQi8nr1DqI64hhSGvapp5qe nsy7ryF3WL5DfJP/GGG6WNZfQqDA/HU+Wsh8fdeoExIRAhcsKK9pgx09+XpnEpv9 +IyLp6HcjnTSBS1LATVYGfKTk7LOhOwpz3Dr5yJUxM2sD45/ZRpDaU5HfmN94R01 6to6XPcXVYEqQNfXi2EVvlgdcE4vbI0JygDS/gWLeExNmpo1LANth9tKNj7BNJOp 0AZvThX+sG6wJhaVxVP9fOJ+CznNa01RzLkinBjPXcjCqL4PH+8kJfuEYZOEPhy1 1XcCdyW09tpkL1TzBQNFC8dBHEkB4Zq118oclgfMwjA52Gr8bBh35itdxgQuAzX7 obNZcuqk4Ky44gMfPEjgcj9Ku2CxwwY0igrusE1f/hWgjFaATHYiDkn7G3fwezfp U6hzONkgWE1mKTsm1oIq =68r4 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CPE : Common Platform Enumeration

Application 25

Nessus® Vulnerability Scanner

Date Description
2017-02-17 Name : A VPN application installed on the remote host is affected by a privilege esc...
File : cisco_anyconnect_CSCvc43976.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2017-02-24 21:25:53
  • Multiple Updates
2017-02-18 13:26:13
  • Multiple Updates
2017-02-08 21:23:45
  • First insertion