CVE-2016-9192

HIGH

Cisco AnyConnect 4.3(2039/748) Authenticated Arbitrary Executable Execution with SYSTEM Privileges

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-9192. PoCs published by serializingme.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2016-9192, which targets a vulnerability in Cisco AnyConnect Secure Mobility Client. The exploit crafts a malicious IPC message to launch an arbitrary executable with elevated privileges by leveraging a DLL hijacking technique.

Description

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).

Exploits (1)

nomisec WORKING POC 5 stars
by serializingme · poc
https://github.com/serializingme/cve-2016-9192

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Cisco AnyConnect Secure Mobility Client
No auth needed
Prerequisites: Local access to the target system · Cisco AnyConnect Secure Mobility Client installed · DLL payload (poc.dll) placed in the exploit directory
mistral-large-3 · analyzed Feb 18, 2026

References (5)

Core References
Various Sources x_refsource_misc
https://github.com/serializingme/cve-2016-9192
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037409
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94770

Scores

CVSS v3 7.8
EPSS 0.0347
EPSS Percentile 87.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-264
Status: published
Products (21)
cisco/anyconnect_secure_mobility_client 3.1\(60\)
cisco/anyconnect_secure_mobility_client 3.1.0
cisco/anyconnect_secure_mobility_client 3.1.02043
cisco/anyconnect_secure_mobility_client 3.1.05182
cisco/anyconnect_secure_mobility_client 3.1.05187
cisco/anyconnect_secure_mobility_client 3.1.06073
cisco/anyconnect_secure_mobility_client 3.1.07021
cisco/anyconnect_secure_mobility_client 4.0\(48\)
cisco/anyconnect_secure_mobility_client 4.0\(64\)
cisco/anyconnect_secure_mobility_client 4.0\(2049\)
... and 11 more
Published Dec 14, 2016
Tracked Since Feb 18, 2026