PT-2016-7692 · Cisco+1 · Cisco Anyconnect Secure Mobility Client+1

Published

2016-12-14

Updated

2017-04-04

CVE-2016-9192

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client for Windows versions 4.3(2039) through 4.3(748)

Description A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account.

Recommendations For versions 4.3(2039) through 4.3(748), update to version 4.3(4019) or 4.4(225) to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-9192

Affected Products

Cisco Anyconnect Secure Mobility Client

Windows

PT-2016-7692 · Cisco+1 · Cisco Anyconnect Secure Mobility Client+1

CVE-2016-9192

Weakness Enumeration

Related Identifiers

Affected Products

References · 7