Details of VAR-201304-0284

ID

VAR-201304-0284

CVE

CVE-2013-1172

TITLE

Cisco AnyConnect Secure Mobility Client Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-002226

DESCRIPTION

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153. Vendors have confirmed this vulnerability Bug ID CSCud14153 It is released as.Authority may be obtained by local users. Local attackers can exploit these issues to gain elevated SYSTEM privileges. Successful exploits will result in the complete compromise of affected computers. This issue is being tracked by Cisco Bug ID CSCud14153

Trust: 1.98

sources: NVD: CVE-2013-1172 // JVNDB: JVNDB-2013-002226 // BID: 59034 // VULHUB: VHN-61174

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.1025	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.1047	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.2052	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2006	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2001	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.08057	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.2.0	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.00495	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2019	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3046	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3054	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3051	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5130	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4004	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2014	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.5004	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.1012	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4014	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.128	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.133	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3050	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3054	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7073	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5075	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2011	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.136	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3041	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.1	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2010	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5131	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.140	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5112	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3055	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5116	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5080	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5125	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5118	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2017	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.185	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.4235	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.2016	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.6005	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.254	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2018	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7030	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.0629	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.07059	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.0202	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.0217	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.08066	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.8057	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.8066	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.217	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.629	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.202	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.495	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.7059	Trust: 0.3

sources: BID: 59034 // JVNDB: JVNDB-2013-002226 // CNNVD: CNNVD-201304-190 // NVD: CVE-2013-1172

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1172
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1172
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201304-190
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61174
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1172
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61174
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61174 // JVNDB: JVNDB-2013-002226 // CNNVD: CNNVD-201304-190 // NVD: CVE-2013-1172

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-61174 // JVNDB: JVNDB-2013-002226 // NVD: CVE-2013-1172

THREAT TYPE

local

Trust: 0.9

sources: BID: 59034 // CNNVD: CNNVD-201304-190

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201304-190

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002226

PATCH

title:	Cisco AnyConnect Security Service File Verification Privilege Elevation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1172	Trust: 0.8
title:	28930	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28930	Trust: 0.8

sources: JVNDB: JVNDB-2013-002226

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1172	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-002226	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-190	Trust: 0.7
db:	CISCO	id:	20130410 CISCO ANYCONNECT SECURITY SERVICE FILE VERIFICATION PRIVILEGE ELEVATION VULNERABILITY	Trust: 0.6
db:	BID	id:	59034	Trust: 0.4
db:	VULHUB	id:	VHN-61174	Trust: 0.1

sources: VULHUB: VHN-61174 // BID: 59034 // JVNDB: JVNDB-2013-002226 // CNNVD: CNNVD-201304-190 // NVD: CVE-2013-1172

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1172	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1172	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1172	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61174 // BID: 59034 // JVNDB: JVNDB-2013-002226 // CNNVD: CNNVD-201304-190 // NVD: CVE-2013-1172

CREDITS

Cisco

Trust: 0.3

sources: BID: 59034

SOURCES

db:	VULHUB	id:	VHN-61174
db:	BID	id:	59034
db:	JVNDB	id:	JVNDB-2013-002226
db:	CNNVD	id:	CNNVD-201304-190
db:	NVD	id:	CVE-2013-1172

LAST UPDATE DATE

2024-11-23T22:39:05.410000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61174	date:	2013-04-11T00:00:00
db:	BID	id:	59034	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002226	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-190	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1172	date:	2024-11-21T01:49:02.653

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61174	date:	2013-04-11T00:00:00
db:	BID	id:	59034	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002226	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-190	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1172	date:	2013-04-11T10:55:02.090