PT-2016-7692 · Cisco+1 · Cisco Anyconnect Secure Mobility Client+1

Publicado

2016-12-14

Atualizado

2017-04-04

CVE-2016-9192

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client for Windows versions 4.3(2039) through 4.3(748)

Description A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account.

Recommendations For versions 4.3(2039) through 4.3(748), update to version 4.3(4019) or 4.4(225) to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2016-9192

Produtos afetados

Cisco Anyconnect Secure Mobility Client

Windows

PT-2016-7692 · Cisco+1 · Cisco Anyconnect Secure Mobility Client+1

CVE-2016-9192

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7