Strix
26.1K

CVE-2013-1173

UnknownEPSS 0.29%

Last modified

CVE-2013-1173 is a vulnerability of currently unknown severity. Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.

Metrics

EPSS Probability
0.29%

20.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoAnyconnect Secure Mobility ClientAll versions
CiscoAnyconnect Secure Mobility Client2.0
CiscoAnyconnect Secure Mobility Client2.1
CiscoAnyconnect Secure Mobility Client2.2
CiscoAnyconnect Secure Mobility Client2.2.128
CiscoAnyconnect Secure Mobility Client2.2.133
CiscoAnyconnect Secure Mobility Client2.2.136
CiscoAnyconnect Secure Mobility Client2.2.140
CiscoAnyconnect Secure Mobility Client2.3
CiscoAnyconnect Secure Mobility Client2.3.185
CiscoAnyconnect Secure Mobility Client2.3.254
CiscoAnyconnect Secure Mobility Client2.3.2016
CiscoAnyconnect Secure Mobility Client2.4
CiscoAnyconnect Secure Mobility Client2.4.0202
CiscoAnyconnect Secure Mobility Client2.4.1012
CiscoAnyconnect Secure Mobility Client2.4.4004
CiscoAnyconnect Secure Mobility Client2.4.4014
CiscoAnyconnect Secure Mobility Client2.4.5004
CiscoAnyconnect Secure Mobility Client2.4.7030
CiscoAnyconnect Secure Mobility Client2.4.7073
CiscoAnyconnect Secure Mobility Client2.5
CiscoAnyconnect Secure Mobility Client2.5.0217
CiscoAnyconnect Secure Mobility Client2.5.1025
CiscoAnyconnect Secure Mobility Client2.5.2001
CiscoAnyconnect Secure Mobility Client2.5.2006
CiscoAnyconnect Secure Mobility Client2.5.2010
CiscoAnyconnect Secure Mobility Client2.5.2011
CiscoAnyconnect Secure Mobility Client2.5.2014
CiscoAnyconnect Secure Mobility Client2.5.2017
CiscoAnyconnect Secure Mobility Client2.5.2018
CiscoAnyconnect Secure Mobility Client2.5.2019
CiscoAnyconnect Secure Mobility Client2.5.3041
CiscoAnyconnect Secure Mobility Client2.5.3046
CiscoAnyconnect Secure Mobility Client2.5.3051
CiscoAnyconnect Secure Mobility Client2.5.3054
CiscoAnyconnect Secure Mobility Client2.5.3055
CiscoAnyconnect Secure Mobility Client2.5.5112
CiscoAnyconnect Secure Mobility Client2.5.5116
CiscoAnyconnect Secure Mobility Client2.5.5118
CiscoAnyconnect Secure Mobility Client2.5.5125
CiscoAnyconnect Secure Mobility Client2.5.5130
CiscoAnyconnect Secure Mobility Client2.5.5131
CiscoAnyconnect Secure Mobility Client2.5.6005
CiscoAnyconnect Secure Mobility Client3.0
CiscoAnyconnect Secure Mobility Client3.0.0629
CiscoAnyconnect Secure Mobility Client3.0.1047
CiscoAnyconnect Secure Mobility Client3.0.2052
CiscoAnyconnect Secure Mobility Client3.0.3050
CiscoAnyconnect Secure Mobility Client3.0.3054
CiscoAnyconnect Secure Mobility Client3.0.4235

Showing 50 of 58 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-1173?
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
How severe is CVE-2013-1173?
Severity scoring for CVE-2013-1173 is pending analysis. The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.
How do I fix CVE-2013-1173?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1173?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST