CVE-2017-6788
CVE-2017-6788 is a vulnerability of currently unknown severity. The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. EPSS estimates a 1.22% chance of exploitation in the next 30 days.
Description
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40).
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | AnyConnect Secure Mobility Client | 4.4(4027) |
| Cisco | AnyConnect Secure Mobility Client | 4.5(58) |
References
- http://www.securityfocus.com/bid/100364 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1039190 (Third Party Advisory, VDB Entry)
Source: NVD / NIST
