- Description
- A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "9980A481-8A54-475A-B735-0C339FF30314",
"versionEndExcluding": "4.10.07061"
},
{
"criteria": "cpe:2.3:a:cisco:secure_client:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "7A856448-9BF4-4693-A1EA-3B6C06DB4259",
"versionEndExcluding": "5.0.02075"
}
],
"operator": "OR"
}
]
}
]