Multiple Local Privilege Escalation Vulnerabilities in Cisco AnyConnect Secure Mobility Client
Release date:
Updated on:
Affected Systems:
Cisco AnyConnect Secure Mobility Client
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59034
CVE (CAN) ID: CVE-2013-1172
Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN Client.
The Cisco Host Scan component and the Cisco Secure Desktop Security Service of the Cisco AnyConnect Secure Mobility Client (AnyConnect VPN Client) do not have the correct authentication file, and a security vulnerability exists, local privileged users can exploit this vulnerability to obtain SYSTEM permissions.
<* Source: Cisco
Link: http://secunia.com/advisories/53015/
Http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1172
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.cisco.com/en/US/products/ps10884/index.html