Details of VAR-201608-0221

ID

VAR-201608-0221

CVE

CVE-2016-6369

TITLE

Cisco AnyConnect Secure Mobility Client Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-004453

DESCRIPTION

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. A local attacker may exploit this issue to execute arbitrary commands with elevated SYSTEM privileges. This issue is being tracked by Cisco Bug ID CSCuz92464. The vulnerability is caused by the program not handling path names correctly

Trust: 1.98

sources: NVD: CVE-2016-6369 // JVNDB: JVNDB-2016-004453 // BID: 92625 // VULHUB: VHN-95189

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5080	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.5075	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2019	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2018	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2017	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2014	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3041	Trust: 1.9
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.0	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0\(64\)	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0\(48\)	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.4235	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3054	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.3050	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.2052	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.1047	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3055	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3054	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3051	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2011	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2010	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2006	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.1012	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.2016	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.1003	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3046	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.09266	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.06073	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.07021	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.0185	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.0254	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.1.0148	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.1\(8\)	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.2.04039	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5_base	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.0136	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.00748	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.0629	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.01095	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.0202	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.0140	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0\(2049\)	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.0.0343	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.0133	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.05187	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.00051	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.09231	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.00048	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.02043	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.0217	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.09353	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.05182	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1\(60\)	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.02039	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lt	version:	4.3.x	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.51	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.48	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.7021	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.6073	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.5187	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.5182	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.2043	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.9353	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.9266	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.9231	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.629	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.217	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.202	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.254	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.185	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.140	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.136	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.133	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.1.148	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.0.343	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(64)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(48)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(2049)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1(60)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	ne	version:	4.3.2039	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	ne	version:	4.2.5015	Trust: 0.3

sources: BID: 92625 // JVNDB: JVNDB-2016-004453 // CNNVD: CNNVD-201608-451 // NVD: CVE-2016-6369

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6369
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6369
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-451
value:	HIGH
Trust: 0.6
VULHUB:	VHN-95189
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-6369
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95189
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6369
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95189 // JVNDB: JVNDB-2016-004453 // CNNVD: CNNVD-201608-451 // NVD: CVE-2016-6369

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-95189 // JVNDB: JVNDB-2016-004453 // NVD: CVE-2016-6369

THREAT TYPE

local

Trust: 0.9

sources: BID: 92625 // CNNVD: CNNVD-201608-451

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201608-451

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004453

PATCH

title:	cisco-sa-20160824-anyconnect	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect	Trust: 0.8
title:	Cisco AnyConnect Secure Mobility Client Remedial measures for local privilege escalation	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63774	Trust: 0.6

sources: JVNDB: JVNDB-2016-004453 // CNNVD: CNNVD-201608-451

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6369	Trust: 2.8
db:	BID	id:	92625	Trust: 2.0
db:	SECTRACK	id:	1036697	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-004453	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-451	Trust: 0.7
db:	VULHUB	id:	VHN-95189	Trust: 0.1

sources: VULHUB: VHN-95189 // BID: 92625 // JVNDB: JVNDB-2016-004453 // CNNVD: CNNVD-201608-451 // NVD: CVE-2016-6369

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160824-anyconnect	Trust: 2.0
url:	http://www.securityfocus.com/bid/92625	Trust: 1.7
url:	http://www.securitytracker.com/id/1036697	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6369	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6369	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps10884/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-95189 // BID: 92625 // JVNDB: JVNDB-2016-004453 // CNNVD: CNNVD-201608-451 // NVD: CVE-2016-6369

CREDITS

Felix Willhelm

Trust: 0.9

sources: BID: 92625 // CNNVD: CNNVD-201608-451

SOURCES

db:	VULHUB	id:	VHN-95189
db:	BID	id:	92625
db:	JVNDB	id:	JVNDB-2016-004453
db:	CNNVD	id:	CNNVD-201608-451
db:	NVD	id:	CVE-2016-6369

LAST UPDATE DATE

2024-11-23T22:34:49.054000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95189	date:	2016-12-12T00:00:00
db:	BID	id:	92625	date:	2016-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2016-004453	date:	2016-08-29T00:00:00
db:	CNNVD	id:	CNNVD-201608-451	date:	2016-08-26T00:00:00
db:	NVD	id:	CVE-2016-6369	date:	2024-11-21T02:55:59.783

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95189	date:	2016-08-25T00:00:00
db:	BID	id:	92625	date:	2016-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2016-004453	date:	2016-08-29T00:00:00
db:	CNNVD	id:	CNNVD-201608-451	date:	2016-08-25T00:00:00
db:	NVD	id:	CVE-2016-6369	date:	2016-08-25T21:59:05.103