Details of VAR-201706-0553

ID

VAR-201706-0553

CVE

CVE-2017-6638

TITLE

Windows for Cisco AnyConnect Secure Mobility Client Vulnerabilities in authorization, authority and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-004717

DESCRIPTION

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928. Vendors report this vulnerability Bug ID CSCvc97928 Published as.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Cisco AnyConnectSecureMobilityClient is the Cisco Next Generation VPN Client. Remote attackers can use system privileges to install and run executable files

Trust: 2.61

sources: NVD: CVE-2017-6638 // JVNDB: JVNDB-2017-004717 // CNVD: CNVD-2017-09961 // BID: 98938 // VULHUB: VHN-114841 // VULMON: CVE-2017-6638

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-09961

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	4.4.00243	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lt	version:	4.4.02034	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client cisco anyconnect secure mobility client	scope:	lt	version:	4.4.02034	Trust: 0.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4.00243	Trust: 0.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2019	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3046	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3054	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3051	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1.14018	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5130	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4004	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2014	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.5004	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.1012	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4(243)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.5017	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.4014	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.1025	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.128	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3(5017)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3(754)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.133	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4(1009)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7073	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4.243	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(64)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.217	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.1(8)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2011	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.136	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3041	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.4027	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(61)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(2049)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.1	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.1003	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2010	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(48)	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5131	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.2.140	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	ne	version:	4.4.2034	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5112	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3055	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.1095	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5116	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.202	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2006	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.48	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0.51	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.3086	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5125	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.5118	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.1.148	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2017	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2001	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.185	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.2016	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.0.343	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.254	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.2018	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.3.2039	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.2	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.4.7030	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.4.1054	Trust: 0.3

sources: CNVD: CNVD-2017-09961 // BID: 98938 // JVNDB: JVNDB-2017-004717 // CNNVD: CNNVD-201706-317 // NVD: CVE-2017-6638

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6638
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-6638
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-09961
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201706-317
value:	HIGH
Trust: 0.6
VULHUB:	VHN-114841
value:	HIGH
Trust: 0.1
VULMON:	CVE-2017-6638
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-6638
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2017-09961
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114841
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6638
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-09961 // VULHUB: VHN-114841 // VULMON: CVE-2017-6638 // JVNDB: JVNDB-2017-004717 // CNNVD: CNNVD-201706-317 // NVD: CVE-2017-6638

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-20	Trust: 1.1

sources: VULHUB: VHN-114841 // JVNDB: JVNDB-2017-004717 // NVD: CVE-2017-6638

THREAT TYPE

local

Trust: 0.9

sources: BID: 98938 // CNNVD: CNNVD-201706-317

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201706-317

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-004717

PATCH

title:	cisco-sa-20170607-anyconnect	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-anyconnect	Trust: 0.8
title:	Patch for CiscoAnyConnectSecureMobilityClient Local Privilege Escalation Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/95720	Trust: 0.6
title:	Cisco AnyConnect Secure Mobility Client for Windows Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74794	Trust: 0.6
title:	Cisco: Cisco AnyConnect Local Privilege Escalation Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20170607-anyconnect	Trust: 0.1
title:	anypwn	url:	https://github.com/srozb/anypwn	Trust: 0.1

sources: CNVD: CNVD-2017-09961 // VULMON: CVE-2017-6638 // JVNDB: JVNDB-2017-004717 // CNNVD: CNNVD-201706-317

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6638	Trust: 3.5
db:	BID	id:	98938	Trust: 2.7
db:	SECTRACK	id:	1038627	Trust: 1.8
db:	JVNDB	id:	JVNDB-2017-004717	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-317	Trust: 0.7
db:	CNVD	id:	CNVD-2017-09961	Trust: 0.6
db:	VULHUB	id:	VHN-114841	Trust: 0.1
db:	VULMON	id:	CVE-2017-6638	Trust: 0.1

sources: CNVD: CNVD-2017-09961 // VULHUB: VHN-114841 // VULMON: CVE-2017-6638 // BID: 98938 // JVNDB: JVNDB-2017-004717 // CNNVD: CNNVD-201706-317 // NVD: CVE-2017-6638

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170607-anyconnect	Trust: 2.8
url:	http://www.securityfocus.com/bid/98938	Trust: 1.9
url:	http://www.securitytracker.com/id/1038627	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6638	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6638	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps10884/index.html	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://github.com/srozb/anypwn	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2017-09961 // VULHUB: VHN-114841 // VULMON: CVE-2017-6638 // BID: 98938 // JVNDB: JVNDB-2017-004717 // CNNVD: CNNVD-201706-317 // NVD: CVE-2017-6638

CREDITS

Felix Wilhelm.

Trust: 0.3

sources: BID: 98938

SOURCES

db:	CNVD	id:	CNVD-2017-09961
db:	VULHUB	id:	VHN-114841
db:	VULMON	id:	CVE-2017-6638
db:	BID	id:	98938
db:	JVNDB	id:	JVNDB-2017-004717
db:	CNNVD	id:	CNNVD-201706-317
db:	NVD	id:	CVE-2017-6638

LAST UPDATE DATE

2024-11-23T22:17:55.618000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-09961	date:	2017-06-18T00:00:00
db:	VULHUB	id:	VHN-114841	date:	2019-10-03T00:00:00
db:	VULMON	id:	CVE-2017-6638	date:	2019-10-03T00:00:00
db:	BID	id:	98938	date:	2017-06-27T14:04:00
db:	JVNDB	id:	JVNDB-2017-004717	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201706-317	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6638	date:	2024-11-21T03:30:11.473

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-09961	date:	2017-06-18T00:00:00
db:	VULHUB	id:	VHN-114841	date:	2017-06-08T00:00:00
db:	VULMON	id:	CVE-2017-6638	date:	2017-06-08T00:00:00
db:	BID	id:	98938	date:	2017-06-07T00:00:00
db:	JVNDB	id:	JVNDB-2017-004717	date:	2017-07-05T00:00:00
db:	CNNVD	id:	CNNVD-201706-317	date:	2017-06-08T00:00:00
db:	NVD	id:	CVE-2017-6638	date:	2017-06-08T13:29:00.423