CVE-2016-6369
Description
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.099
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerability CVE-2016-6369,CVE-2016-9192 are affected in Cisco AnyConnect Secure Mobility Client For Windows 4.3.01095 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2006 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2010 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2011 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2014 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2017 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2018 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.2019 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.0629 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.1.0 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.0217 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3041 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3046 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3051 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3054 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5.3055 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.1047 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.2052 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.3050 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.3054 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.4235 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.5075 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.0.5080 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 4.0(64) | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 3.1(60) | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 4.0(2049) | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.0.0343 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.2.0133 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.2.0136 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.2.0140 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.3.0185 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.3.0254 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.3.1003 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.5_base | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 3.0.0 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 3.0.09231 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 3.0.09266 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 3.0.09353 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 3.1.02043 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 3.1.05182 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 3.1.05187 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 3.1.06073 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 3.1.07021 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 4.0(48) | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 4.0.0 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 4.0.00048 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 4.0.00051 | Windows |
| Vulnerabilities CVE-2015-6305,CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 4.1.0 | Windows |
| Vulnerabilities CVE-2015-6322,CVE-2016-6369 are affected in Any Connect (Microsoft Store) 2.1.0148 | Windows |
| Vulnerabilities CVE-2015-6322,CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 4.1(8) | Windows |
| Vulnerabilities CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 4.2.0 | Windows |
| Vulnerabilities CVE-2016-6369,CVE-2016-9192,CVE-2017-3813 are affected in Any Connect (Microsoft Store) 4.2.04039 | Windows |
| Vulnerabilities CVE-2016-6369,CVE-2016-9192 are affected in Any Connect (Microsoft Store) 4.3.0 | Windows |
| Vulnerabilities CVE-2016-6369,CVE-2016-9192,CVE-2017-3813 are affected in Any Connect (Microsoft Store) 4.3.00748 | Windows |
| Vulnerabilities CVE-2016-6369,CVE-2016-9192,CVE-2017-3813 are affected in Any Connect (Microsoft Store) 4.3.01095 | Windows |
| Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability For Cisco AnyConnect Secure Mobility Client | NCM |
| CVE-2016-6369 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-338372 | Cisco AnyConnect Secure Mobility Client (4.10.08029) (Manual Upload Required) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234