Strix
26.1K

CVE-2013-5559

UnknownEPSS 2.03%

Last modified

CVE-2013-5559 is a vulnerability of currently unknown severity. Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.. EPSS estimates a 2.03% chance of exploitation in the next 30 days.

Description

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.

Metrics

EPSS Probability
2.03%

78.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoAnyconnect Secure Mobility Client2.0
CiscoAnyconnect Secure Mobility Client2.1
CiscoAnyconnect Secure Mobility Client2.2
CiscoAnyconnect Secure Mobility Client2.2.128
CiscoAnyconnect Secure Mobility Client2.2.133
CiscoAnyconnect Secure Mobility Client2.2.136
CiscoAnyconnect Secure Mobility Client2.2.140
CiscoAnyconnect Secure Mobility Client2.3
CiscoAnyconnect Secure Mobility Client2.3.185
CiscoAnyconnect Secure Mobility Client2.3.254
CiscoAnyconnect Secure Mobility Client2.3.2016
CiscoAnyconnect Secure Mobility Client2.4
CiscoAnyconnect Secure Mobility Client2.4.0202
CiscoAnyconnect Secure Mobility Client2.4.1012
CiscoAnyconnect Secure Mobility Client2.4.4004
CiscoAnyconnect Secure Mobility Client2.4.4014
CiscoAnyconnect Secure Mobility Client2.4.5004
CiscoAnyconnect Secure Mobility Client2.4.7030
CiscoAnyconnect Secure Mobility Client2.4.7073
CiscoAnyconnect Secure Mobility Client2.5
CiscoAnyconnect Secure Mobility Client2.5.0217
CiscoAnyconnect Secure Mobility Client2.5.1025
CiscoAnyconnect Secure Mobility Client2.5.2001
CiscoAnyconnect Secure Mobility Client2.5.2006
CiscoAnyconnect Secure Mobility Client2.5.2010
CiscoAnyconnect Secure Mobility Client2.5.2011
CiscoAnyconnect Secure Mobility Client2.5.2014
CiscoAnyconnect Secure Mobility Client2.5.2017
CiscoAnyconnect Secure Mobility Client2.5.2018
CiscoAnyconnect Secure Mobility Client2.5.2019
CiscoAnyconnect Secure Mobility Client2.5.3041
CiscoAnyconnect Secure Mobility Client2.5.3046
CiscoAnyconnect Secure Mobility Client2.5.3051
CiscoAnyconnect Secure Mobility Client2.5.3054
CiscoAnyconnect Secure Mobility Client2.5.3055
CiscoAnyconnect Secure Mobility Client2.5.5112
CiscoAnyconnect Secure Mobility Client2.5.5116
CiscoAnyconnect Secure Mobility Client2.5.5118
CiscoAnyconnect Secure Mobility Client2.5.5125
CiscoAnyconnect Secure Mobility Client2.5.5130
CiscoAnyconnect Secure Mobility Client2.5.5131
CiscoAnyconnect Secure Mobility Client2.5.6005

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-5559?
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.
How severe is CVE-2013-5559?
Severity scoring for CVE-2013-5559 is pending analysis. The EPSS model estimates a 2.03% probability of exploitation in the next 30 days.
How do I fix CVE-2013-5559?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-5559?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST