CVE-2016-9192
HIGHCisco AnyConnect 4.3(2039/748) Authenticated Arbitrary Executable Execution with SYSTEM Privileges
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2016-9192. PoCs published by serializingme.
AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2016-9192, which targets a vulnerability in Cisco AnyConnect Secure Mobility Client. The exploit crafts a malicious IPC message to launch an arbitrary executable with elevated privileges by leveraging a DLL hijacking technique.
Description
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).
Exploits (1)
This repository contains a functional proof-of-concept exploit for CVE-2016-9192, which targets a vulnerability in Cisco AnyConnect Secure Mobility Client. The exploit crafts a malicious IPC message to launch an arbitrary executable with elevated privileges by leveraging a DLL hijacking technique.
References (5)
Scores
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H