CVE-2018-0373

Published Jun 21, 2018

Last updated 3 days ago

CVSS medium 5.5

Overview

Description: A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

ykramarz@cisco.com: CWE-20
nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(58\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B0A0171-260B-4E2D-8D7F-035345D9C902"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(1044\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "468C81E8-D599-47AE-870E-641CEEC0BF7B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(2033\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "426675B2-921D-4C1C-ACAA-AC1B8439CA66"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(2036\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B256AAA-0DFB-41A4-BC98-2DB809C08A33"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(3040\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "788EC44C-08A7-42EA-B657-ED0E02D4EBE6"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(4029\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DAD5740-B44F-498A-B997-8C0482BCDD8B"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(5030\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "023FB667-653F-4634-9C65-4D076AD16F51"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6\\(362\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72519817-7E9A-433D-B03D-32C8382E2DB4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6\\(1098\\):*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE6AC94E-E971-4E42-B410-68CD49B39AB9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References