Details of VAR-201304-0285

ID

VAR-201304-0285

CVE

CVE-2013-1173

TITLE

Cisco AnyConnect Secure Mobility Client Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-002227

DESCRIPTION

Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143. Vendors have confirmed this vulnerability Bug ID CSCud14143 It is released as.Authority may be obtained by local users. Local attackers can exploit this issue to gain elevated SYSTEM privileges. Successful exploits will result in the complete compromise of affected computers. This issue is being tracked by Cisco Bug ID CSCud14143

Trust: 1.98

sources: NVD: CVE-2013-1173 // JVNDB: JVNDB-2013-002227 // BID: 59036 // VULHUB: VHN-61175

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.2052	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.1047	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5125	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5118	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5116	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5112	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7073	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7030	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4014	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5080	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5075	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.4235	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3054	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3050	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.6005	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5131	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5130	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3055	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3054	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3051	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2019	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2018	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2017	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2014	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2011	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2010	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2006	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2001	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.1025	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.5004	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4004	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.1012	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.2016	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.140	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.136	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.133	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.128	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3046	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3041	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.254	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.185	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.1	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.0629	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.08057	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.2.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.07059	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.0202	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.00495	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.0217	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.08066	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.495	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.8066	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.8057	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.7059	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.629	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.217	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.202	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2	Trust: 0.3

sources: BID: 59036 // JVNDB: JVNDB-2013-002227 // CNNVD: CNNVD-201304-191 // NVD: CVE-2013-1173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1173
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1173
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201304-191
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61175
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1173
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61175
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.7
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61175 // JVNDB: JVNDB-2013-002227 // CNNVD: CNNVD-201304-191 // NVD: CVE-2013-1173

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-61175 // JVNDB: JVNDB-2013-002227 // NVD: CVE-2013-1173

THREAT TYPE

local

Trust: 0.9

sources: BID: 59036 // CNNVD: CNNVD-201304-191

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201304-191

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002227

PATCH

title:	Cisco AnyConnect ciscod.exe Heap Overflow Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1173	Trust: 0.8
title:	28931	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=28931	Trust: 0.8

sources: JVNDB: JVNDB-2013-002227

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1173	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-002227	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-191	Trust: 0.7
db:	CISCO	id:	20130410 CISCO ANYCONNECT CISCOD.EXE HEAP OVERFLOW VULNERABILITY	Trust: 0.6
db:	BID	id:	59036	Trust: 0.4
db:	VULHUB	id:	VHN-61175	Trust: 0.1

sources: VULHUB: VHN-61175 // BID: 59036 // JVNDB: JVNDB-2013-002227 // CNNVD: CNNVD-201304-191 // NVD: CVE-2013-1173

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1173	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1173	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1173	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61175 // BID: 59036 // JVNDB: JVNDB-2013-002227 // CNNVD: CNNVD-201304-191 // NVD: CVE-2013-1173

CREDITS

Cisco

Trust: 0.3

sources: BID: 59036

SOURCES

db:	VULHUB	id:	VHN-61175
db:	BID	id:	59036
db:	JVNDB	id:	JVNDB-2013-002227
db:	CNNVD	id:	CNNVD-201304-191
db:	NVD	id:	CVE-2013-1173

LAST UPDATE DATE

2024-11-23T22:56:40.458000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61175	date:	2013-04-11T00:00:00
db:	BID	id:	59036	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002227	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-191	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1173	date:	2024-11-21T01:49:02.783

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61175	date:	2013-04-11T00:00:00
db:	BID	id:	59036	date:	2013-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2013-002227	date:	2013-04-15T00:00:00
db:	CNNVD	id:	CNNVD-201304-191	date:	2013-04-12T00:00:00
db:	NVD	id:	CVE-2013-1173	date:	2013-04-11T10:55:02.107