CVE-2017-12268 - A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could

CVE-2017-12268

Summary

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.

References

Vulnerable Configurations

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(822\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(822\):*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 09-10-2019 - 23:22)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	101157
confirm	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam
sectrack	1039507

Last major update

09-10-2019 - 23:22

Published

05-10-2017 - 07:29

Last modified

09-10-2019 - 23:22