CVE-2013-1172

Published: Apr 11, 2013Modified: Apr 29, 2026

6.6

Vector

AV:L/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 2.7 / Impact: 10.0

Source: NVD

Description

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.

Affected (61)

Products: Cisco: Anyconnect Secure Mobility Client

Cisco

1 product

Anyconnect Secure Mobility Client

Configuration A

61 vulnerable

Vulnerable Software	Affected Versions
Cisco Anyconnect Secure Mobility Client	All versions
Cisco Anyconnect Secure Mobility Client	Version 2.0
Cisco Anyconnect Secure Mobility Client	Version 2.1
Cisco Anyconnect Secure Mobility Client	Version 2.2.128
Cisco Anyconnect Secure Mobility Client	Version 2.2.133
Cisco Anyconnect Secure Mobility Client	Version 2.2.136
Cisco Anyconnect Secure Mobility Client	Version 2.2.140
Cisco Anyconnect Secure Mobility Client	Version 2.2
Cisco Anyconnect Secure Mobility Client	Version 2.3.185
Cisco Anyconnect Secure Mobility Client	Version 2.3.2016
Cisco Anyconnect Secure Mobility Client	Version 2.3.254
Cisco Anyconnect Secure Mobility Client	Version 2.3
Cisco Anyconnect Secure Mobility Client	Version 2.4.0202
Cisco Anyconnect Secure Mobility Client	Version 2.4.1012
Cisco Anyconnect Secure Mobility Client	Version 2.4.4004
Cisco Anyconnect Secure Mobility Client	Version 2.4.4014
Cisco Anyconnect Secure Mobility Client	Version 2.4.5004
Cisco Anyconnect Secure Mobility Client	Version 2.4.7030
Cisco Anyconnect Secure Mobility Client	Version 2.4.7073
Cisco Anyconnect Secure Mobility Client	Version 2.4
Cisco Anyconnect Secure Mobility Client	Version 2.4
Cisco Anyconnect Secure Mobility Client	Version 2.5.0217
Cisco Anyconnect Secure Mobility Client	Version 2.5.1025
Cisco Anyconnect Secure Mobility Client	Version 2.5.2001
Cisco Anyconnect Secure Mobility Client	Version 2.5.2006
Cisco Anyconnect Secure Mobility Client	Version 2.5.2010
Cisco Anyconnect Secure Mobility Client	Version 2.5.2011
Cisco Anyconnect Secure Mobility Client	Version 2.5.2014
Cisco Anyconnect Secure Mobility Client	Version 2.5.2017
Cisco Anyconnect Secure Mobility Client	Version 2.5.2018
Cisco Anyconnect Secure Mobility Client	Version 2.5.2019
Cisco Anyconnect Secure Mobility Client	Version 2.5.3041
Cisco Anyconnect Secure Mobility Client	Version 2.5.3046
Cisco Anyconnect Secure Mobility Client	Version 2.5.3051
Cisco Anyconnect Secure Mobility Client	Version 2.5.3054
Cisco Anyconnect Secure Mobility Client	Version 2.5.3055
Cisco Anyconnect Secure Mobility Client	Version 2.5.5112
Cisco Anyconnect Secure Mobility Client	Version 2.5.5116
Cisco Anyconnect Secure Mobility Client	Version 2.5.5118
Cisco Anyconnect Secure Mobility Client	Version 2.5.5125
Cisco Anyconnect Secure Mobility Client	Version 2.5.5130
Cisco Anyconnect Secure Mobility Client	Version 2.5.5131
Cisco Anyconnect Secure Mobility Client	Version 2.5.6005
Cisco Anyconnect Secure Mobility Client	Version 2.5
Cisco Anyconnect Secure Mobility Client	Version 3.0.0629
Cisco Anyconnect Secure Mobility Client	Version 3.0.07059
Cisco Anyconnect Secure Mobility Client	Version 3.0.08057
Cisco Anyconnect Secure Mobility Client	Version 3.0.08057
Cisco Anyconnect Secure Mobility Client	Version 3.0.08066
Cisco Anyconnect Secure Mobility Client	Version 3.0.1047
Cisco Anyconnect Secure Mobility Client	Version 3.0.2052
Cisco Anyconnect Secure Mobility Client	Version 3.0.3050
Cisco Anyconnect Secure Mobility Client	Version 3.0.3054
Cisco Anyconnect Secure Mobility Client	Version 3.0.4235
Cisco Anyconnect Secure Mobility Client	Version 3.0.5075
Cisco Anyconnect Secure Mobility Client	Version 3.0.5080
Cisco Anyconnect Secure Mobility Client	Version 3.0
Cisco Anyconnect Secure Mobility Client	Version 3.0
Cisco Anyconnect Secure Mobility Client	Version 3.1.00495
Cisco Anyconnect Secure Mobility Client	Version 3.1.0
Cisco Anyconnect Secure Mobility Client	Version 3.2.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1172

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1172

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.