CVE-2013-1173
Description
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
Risk Information
Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.087
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.0 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.1 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.128 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.133 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.136 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.140 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.185 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.254 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.5 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.0 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.1 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.128 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.133 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.136 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.140 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.185 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.254 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5 | Windows |
| Vulnerabilities CVE-2011-2040,CVE-2013-1172,CVE-2013-1173,CVE-2013-5559 are affected in Any Connect (Microsoft Store) 2.5.1025 | Windows |
| Vulnerabilities CVE-2011-2040,CVE-2013-1172,CVE-2013-1173,CVE-2013-5559 are affected in Any Connect (Microsoft Store) 2.5.2001 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2006 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2010 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2011 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2014 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2017 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2018 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2019 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.0629 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.07059 | Windows |
| Vulnerabilities CVE-2012-2498,CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) 3.0.08066 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.1.0 | Windows |
| Vulnerabilities CVE-2012-3088,CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) 3.2.0 | Windows |
| Vulnerabilities CVE-2013-1130,CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) - | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.0217 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3041 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3046 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3051 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3054 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3055 | Windows |
| Vulnerabilities CVE-2013-1172,CVE-2013-1173,CVE-2013-5559 are affected in Any Connect (Microsoft Store) 2.5.6005 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.1047 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.2052 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.3050 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.3054 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.4235 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.5075 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.5080 | Windows |
| Vulnerabilities CVE-2013-1172,CVE-2013-1173 are affected in Any Connect (Microsoft Store) 3.1.00495 | Windows |
| Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Heap Overflow Vulnerability For Cisco AnyConnect Secure Mobility Client | NCM |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-1173) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234