CVE-2017-6638

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client for Windows versions prior to 4.4.02034

Description A vulnerability in how DLL files are loaded could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The issue is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this by creating a malicious DLL file and installing it in a specific system directory, allowing them to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability.

Recommendations For versions prior to 4.4.02034, update to version 4.4.02034 or later to resolve the issue. As a temporary workaround, consider restricting access to system directories where malicious DLL files could be installed, and avoid using the vulnerable DLL loading mechanism until a patch is applied.