Details of VAR-201806-1014

ID

VAR-201806-1014

CVE

CVE-2018-0334

TITLE

Cisco AnyConnect Network Access Manager and Cisco AnyConnect Secure Mobility Client Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2018-006091

DESCRIPTION

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141. Vendors have confirmed this vulnerability Bug ID CSCvh23141 It is released as.Information may be obtained and information may be altered. AnyConnectSecureMobilityClient is a secure mobile client that securely accesses networks and applications from any device. Server certificate. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-0334 // JVNDB: JVNDB-2018-006091 // CNVD: CNVD-2018-11349 // BID: 104430 // VULHUB: VHN-118536

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-11349

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.6\(100\)	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	-	version:	-	Trust: 1.4
vendor:	cisco	model:	anyconnect network access manager	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	anyconnect secure mobility client for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for mac os	scope:	eq	version:	x0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for linux	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for ios	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client for android	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	anyconnect network access manager	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2018-11349 // BID: 104430 // JVNDB: JVNDB-2018-006091 // CNNVD: CNNVD-201806-370 // NVD: CVE-2018-0334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0334
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0334
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-11349
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201806-370
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118536
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0334
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11349
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118536
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0334
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	2.5
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-11349 // VULHUB: VHN-118536 // JVNDB: JVNDB-2018-006091 // CNNVD: CNNVD-201806-370 // NVD: CVE-2018-0334

PROBLEMTYPE DATA

problemtype:

CWE-295

Trust: 1.9

sources: VULHUB: VHN-118536 // JVNDB: JVNDB-2018-006091 // NVD: CVE-2018-0334

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-370

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006091

PATCH

title:	cisco-sa-20180606-AnyConnect-cert-bypass	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-AnyConnect-cert-bypass	Trust: 0.8
title:	CiscoAnyConnectNetworkAccessManager and AnyConnectSecureMobilityClient Certificates bypass the patch for the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/131765	Trust: 0.6
title:	Cisco AnyConnect Network Access Manager and AnyConnect Secure Mobility Client Fixing measures for security feature vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80725	Trust: 0.6

sources: CNVD: CNVD-2018-11349 // JVNDB: JVNDB-2018-006091 // CNNVD: CNNVD-201806-370

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0334	Trust: 3.4
db:	BID	id:	104430	Trust: 2.0
db:	SECTRACK	id:	1041075	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-006091	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-370	Trust: 0.7
db:	CNVD	id:	CNVD-2018-11349	Trust: 0.6
db:	VULHUB	id:	VHN-118536	Trust: 0.1

sources: CNVD: CNVD-2018-11349 // VULHUB: VHN-118536 // BID: 104430 // JVNDB: JVNDB-2018-006091 // CNNVD: CNNVD-201806-370 // NVD: CVE-2018-0334

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-anyconnect-cert-bypass	Trust: 2.6
url:	http://www.securityfocus.com/bid/104430	Trust: 1.7
url:	http://www.securitytracker.com/id/1041075	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0334	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0334	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-11349 // VULHUB: VHN-118536 // BID: 104430 // JVNDB: JVNDB-2018-006091 // CNNVD: CNNVD-201806-370 // NVD: CVE-2018-0334

CREDITS

Cisco

Trust: 0.3

sources: BID: 104430

SOURCES

db:	CNVD	id:	CNVD-2018-11349
db:	VULHUB	id:	VHN-118536
db:	BID	id:	104430
db:	JVNDB	id:	JVNDB-2018-006091
db:	CNNVD	id:	CNNVD-201806-370
db:	NVD	id:	CVE-2018-0334

LAST UPDATE DATE

2024-11-23T22:52:03.687000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11349	date:	2018-06-12T00:00:00
db:	VULHUB	id:	VHN-118536	date:	2019-10-09T00:00:00
db:	BID	id:	104430	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006091	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-370	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0334	date:	2024-11-21T03:38:00.140

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-11349	date:	2018-06-12T00:00:00
db:	VULHUB	id:	VHN-118536	date:	2018-06-07T00:00:00
db:	BID	id:	104430	date:	2018-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-006091	date:	2018-08-07T00:00:00
db:	CNNVD	id:	CNNVD-201806-370	date:	2018-06-08T00:00:00
db:	NVD	id:	CVE-2018-0334	date:	2018-06-07T21:29:00.493