V-134: Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges

April 15, 2013 - 1:30am

PROBLEM:

Cisco AnyConnect Secure Mobility Client Heap Overflow Lets Local Users Gain Elevated Privileges

PLATFORM:

Cisco AnyConnect Secure Mobility Client
Cisco Secure Desktop

ABSTRACT:

Some vulnerabilities were reported in Cisco AnyConnect Secure Mobility Client.

REFERENCE LINKS:

Cisco Security Notice CVE-2013-1172
Cisco Security Notice CVE-2013-1173
SecurityTracker Alert ID: 1028425
CVE-2013-1172
CVE-2013-1173

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A local user can trigger a heap overflow in the Cisco Host Scan component to execute arbitrary code on the target system with System privileges [CVE-2013-1172].

A local user can trigger other flaws in the Cisco Host Scan component to gain System privileges [CVE-2013-1173].

IMPACT:

A local user can obtain elevated privileges on the target system.

SOLUTION:

The vendor has issued a fix.
