CVE-2013-1172
Description
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
Risk Information
Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.082
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.0 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.1 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.128 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.133 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.136 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.140 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.185 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.254 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.5 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.0 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.1 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.128 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.133 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.136 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.140 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.185 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.254 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5 | Windows |
| Vulnerabilities CVE-2011-2040,CVE-2013-1172,CVE-2013-1173,CVE-2013-5559 are affected in Any Connect (Microsoft Store) 2.5.1025 | Windows |
| Vulnerabilities CVE-2011-2040,CVE-2013-1172,CVE-2013-1173,CVE-2013-5559 are affected in Any Connect (Microsoft Store) 2.5.2001 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2006 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2010 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2011 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2014 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2017 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2018 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2019 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.0629 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.07059 | Windows |
| Vulnerabilities CVE-2012-2498,CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) 3.0.08066 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.1.0 | Windows |
| Vulnerabilities CVE-2012-3088,CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) 3.2.0 | Windows |
| Vulnerabilities CVE-2013-1130,CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) - | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.0217 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3041 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3046 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3051 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3054 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3055 | Windows |
| Vulnerabilities CVE-2013-1172,CVE-2013-1173,CVE-2013-5559 are affected in Any Connect (Microsoft Store) 2.5.6005 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.1047 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.2052 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.3050 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.3054 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.4235 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.5075 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.5080 | Windows |
| Vulnerabilities CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) 3.1.00495 | Windows |
| Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Privilege Elevation Vulnerability For Cisco AnyConnect Secure Mobility Client | NCM |
| Improper Input Validation Vulnerability (CVE-2013-1172) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234