Privilege escalation in Cisco AnyConnect Secure Mobility Client - CVE-2017-6638
Published: June 9, 2017
Vulnerability identifier: #VU7001
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6638
CWE-ID: CWE-427
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Detailed vulnerability description
The vulnerability allows a local authenticated attacker to gain elevated privileges.
The weakness exists on Cisco AnyConnect Secure Mobility Client for Windows due to uncontrolled search path element. A local attacker can copy a specially crafted DLL file to a specific directory on the system and execute arbitrary code on the underlying Microsoft Windows host with SYSTEM privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists on Cisco AnyConnect Secure Mobility Client for Windows due to uncontrolled search path element. A local attacker can copy a specially crafted DLL file to a specific directory on the system and execute arbitrary code on the underlying Microsoft Windows host with SYSTEM privileges.
Successful exploitation of the vulnerability may result in system compromise.
How to mitigate CVE-2017-6638
Update to version 4.4.02034.