Strix
26.1K

CVE-2017-3813

UnknownEPSS 1.71%

Last modified

CVE-2017-3813 is a vulnerability of currently unknown severity. A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. EPSS estimates a 1.71% chance of exploitation in the next 30 days.

Description

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.

Metrics

EPSS Probability
1.71%

74.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoAnyconnect Secure Mobility Client4.0.00048
CiscoAnyconnect Secure Mobility Client4.0.00051
CiscoAnyconnect Secure Mobility Client4.0.00052
CiscoAnyconnect Secure Mobility Client4.0.00057
CiscoAnyconnect Secure Mobility Client4.0.00061
CiscoAnyconnect Secure Mobility Client4.1.00028
CiscoAnyconnect Secure Mobility Client4.1.02011
CiscoAnyconnect Secure Mobility Client4.1.04011
CiscoAnyconnect Secure Mobility Client4.1.06013
CiscoAnyconnect Secure Mobility Client4.1.06020
CiscoAnyconnect Secure Mobility Client4.1.08005
CiscoAnyconnect Secure Mobility Client4.2.00096
CiscoAnyconnect Secure Mobility Client4.2.01022
CiscoAnyconnect Secure Mobility Client4.2.01035
CiscoAnyconnect Secure Mobility Client4.2.02075
CiscoAnyconnect Secure Mobility Client4.2.03013
CiscoAnyconnect Secure Mobility Client4.2.04018
CiscoAnyconnect Secure Mobility Client4.2.04039
CiscoAnyconnect Secure Mobility Client4.2.05015
CiscoAnyconnect Secure Mobility Client4.2.06014
CiscoAnyconnect Secure Mobility Client4.3.00748
CiscoAnyconnect Secure Mobility Client4.3.01095
CiscoAnyconnect Secure Mobility Client4.3.02039
CiscoAnyconnect Secure Mobility Client4.3.03086
CiscoAnyconnect Secure Mobility Client4.3.04027

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2017-3813?
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.
How severe is CVE-2017-3813?
Severity scoring for CVE-2017-3813 is pending analysis. The EPSS model estimates a 1.71% probability of exploitation in the next 30 days.
How do I fix CVE-2017-3813?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-3813?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST