CVE-2016-9192

HIGH

Cisco Anyconnect Secure Mobility Client - Access Control

Title source: rule

Description

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).

Exploits (1)

nomisec WORKING POC 5 stars

by serializingme · poc

https://github.com/serializingme/cve-2016-9192

View Code ZIP pw:eip

References (5)

Core 5

Core References

Various Sources x_refsource_misc

https://github.com/serializingme/cve-2016-9192

Various Sources x_refsource_misc

https://github.com/nettitude/PoshC2/blob/master/Modules/CVE-2016-9192.ps1

Vendor Advisory x_refsource_confirm

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1037409

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/94770

Scores

CVSS v3 7.8

EPSS 0.3108

EPSS Percentile 96.8%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (21)

cisco/anyconnect_secure_mobility_client 3.1\(60\)

cisco/anyconnect_secure_mobility_client 3.1.0

cisco/anyconnect_secure_mobility_client 3.1.02043

cisco/anyconnect_secure_mobility_client 3.1.05182

cisco/anyconnect_secure_mobility_client 3.1.05187

cisco/anyconnect_secure_mobility_client 3.1.06073

cisco/anyconnect_secure_mobility_client 3.1.07021

cisco/anyconnect_secure_mobility_client 4.0\(48\)

cisco/anyconnect_secure_mobility_client 4.0\(64\)

cisco/anyconnect_secure_mobility_client 4.0\(2049\)

... and 11 more

Published Dec 14, 2016

Tracked Since Feb 18, 2026