Home

CVE-2018-0373

Description

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.075

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2018-0229,CVE-2018-0334,CVE-2018-0373,CVE-2019-1853 are affected in Cisco AnyConnect Secure Mobility Client For Windows 4.6Windows
Vulnerabilities CVE-2017-6788,CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.5(58)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.5(1044)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.5(2033)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.5(2036)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.5(3040)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.5(4029)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.5(5030)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.6(1098)Windows
Vulnerabilities CVE-2018-0373 are affected in Any Connect (Microsoft Store) 4.6(362)Windows
Cisco AnyConnect Secure Mobility Client for Windows Desktop Denial of Service Vulnerability For Cisco AnyConnect Secure Mobility ClientNCM
Improper Input Validation Vulnerability (CVE-2018-0373)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1705981Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034)
PATCH-338372Cisco AnyConnect Secure Mobility Client (4.10.08029) (Manual Upload Required)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234