6.6

CVE-2013-1173

Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.

Data is provided by the National Vulnerability Database (NVD)
CiscoAnyconnect Secure Mobility Client Version2.4 SwPlatformsymbian_os
CiscoAnyconnect Secure Mobility Client Version2.4.4004 SwPlatformiphone_os
CiscoAnyconnect Secure Mobility Client Version2.4.4014 SwPlatformiphone_os
CiscoAnyconnect Secure Mobility Client Version2.4.5004 SwPlatformsymbian_os
CiscoAnyconnect Secure Mobility Client Version2.4.7030 SwPlatformandroid
CiscoAnyconnect Secure Mobility Client Version2.4.7073 SwPlatformandroid
CiscoAnyconnect Secure Mobility Client Version2.5.5112 SwPlatformiphone_os
CiscoAnyconnect Secure Mobility Client Version2.5.5116 SwPlatformandroid
CiscoAnyconnect Secure Mobility Client Version2.5.5118 SwPlatformandroid
CiscoAnyconnect Secure Mobility Client Version2.5.5125 SwPlatformandroid
CiscoAnyconnect Secure Mobility Client Version2.5.5130 SwPlatformiphone_os
CiscoAnyconnect Secure Mobility Client Version2.5.5131 SwPlatformandroid
CiscoAnyconnect Secure Mobility Client Version3.0 HwPlatformx64
CiscoAnyconnect Secure Mobility Client Version3.0.08057 HwPlatformx64
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.218
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.6 2.7 10
AV:L/AC:M/Au:S/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.