Strix
26.1K

CVE-2016-6369

UnknownEPSS 0.39%

Last modified

CVE-2016-6369 is a vulnerability of currently unknown severity. Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.

Description

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

Metrics

EPSS Probability
0.39%

30.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoAnyconnect Secure Mobility Client2.0.0343
CiscoAnyconnect Secure Mobility Client2.1.0148
CiscoAnyconnect Secure Mobility Client2.2.0133
CiscoAnyconnect Secure Mobility Client2.2.0136
CiscoAnyconnect Secure Mobility Client2.2.0140
CiscoAnyconnect Secure Mobility Client2.3.0185
CiscoAnyconnect Secure Mobility Client2.3.0254
CiscoAnyconnect Secure Mobility Client2.3.1003
CiscoAnyconnect Secure Mobility Client2.3.2016
CiscoAnyconnect Secure Mobility Client2.4.0202
CiscoAnyconnect Secure Mobility Client2.4.1012
CiscoAnyconnect Secure Mobility Client2.5.0217
CiscoAnyconnect Secure Mobility Client2.5.2006
CiscoAnyconnect Secure Mobility Client2.5.2010
CiscoAnyconnect Secure Mobility Client2.5.2011
CiscoAnyconnect Secure Mobility Client2.5.2014
CiscoAnyconnect Secure Mobility Client2.5.2017
CiscoAnyconnect Secure Mobility Client2.5.2018
CiscoAnyconnect Secure Mobility Client2.5.2019
CiscoAnyconnect Secure Mobility Client2.5.3041
CiscoAnyconnect Secure Mobility Client2.5.3046
CiscoAnyconnect Secure Mobility Client2.5.3051
CiscoAnyconnect Secure Mobility Client2.5.3054
CiscoAnyconnect Secure Mobility Client2.5.3055
CiscoAnyconnect Secure Mobility Client2.5_base
CiscoAnyconnect Secure Mobility Client3.0.0
CiscoAnyconnect Secure Mobility Client3.0.0629
CiscoAnyconnect Secure Mobility Client3.0.1047
CiscoAnyconnect Secure Mobility Client3.0.2052
CiscoAnyconnect Secure Mobility Client3.0.3050
CiscoAnyconnect Secure Mobility Client3.0.3054
CiscoAnyconnect Secure Mobility Client3.0.4235
CiscoAnyconnect Secure Mobility Client3.0.5075
CiscoAnyconnect Secure Mobility Client3.0.5080
CiscoAnyconnect Secure Mobility Client3.0.09231
CiscoAnyconnect Secure Mobility Client3.0.09266
CiscoAnyconnect Secure Mobility Client3.0.09353
CiscoAnyconnect Secure Mobility Client3.1\(60\)
CiscoAnyconnect Secure Mobility Client3.1.0
CiscoAnyconnect Secure Mobility Client3.1.02043
CiscoAnyconnect Secure Mobility Client3.1.05182
CiscoAnyconnect Secure Mobility Client3.1.05187
CiscoAnyconnect Secure Mobility Client3.1.06073
CiscoAnyconnect Secure Mobility Client3.1.07021
CiscoAnyconnect Secure Mobility Client4.0\(48\)
CiscoAnyconnect Secure Mobility Client4.0\(64\)
CiscoAnyconnect Secure Mobility Client4.0\(2049\)
CiscoAnyconnect Secure Mobility Client4.0.0
CiscoAnyconnect Secure Mobility Client4.0.00048
CiscoAnyconnect Secure Mobility Client4.0.00051

Showing 50 of 57 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2016-6369?
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
How severe is CVE-2016-6369?
Severity scoring for CVE-2016-6369 is pending analysis. The EPSS model estimates a 0.39% probability of exploitation in the next 30 days.
How do I fix CVE-2016-6369?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-6369?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST