CVE-2017-12268

Published: Oct 5, 2017Modified: May 13, 2026

6.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Exploitability: 2.0 / Impact: 4.0

Source: NVD

Description

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.

Affected (1)

Products: Cisco: Anyconnect Secure Mobility Client

1 product

Anyconnect Secure Mobility Client

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Anyconnect Secure Mobility Client	Version 4.5(822)

Related CWEs

References (6)

http://www.securityfocus.com/bid/101157

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039507

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/101157

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1039507

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.