CVE-2018-0373
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
21/06/2018
Last modified:
09/10/2019
Description
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Base Score 2.0
4.90
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(58\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(1044\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(2033\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(2036\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(3040\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(4029\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(5030\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6\(362\):*:*:*:*:*:*:* | ||
| cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6\(1098\):*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page