{"containers": {"cna": {"affected": [{"product": "Cisco AnyConnect Secure Mobility Client unknown", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AnyConnect Secure Mobility Client unknown"}]}], "datePublic": "2018-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-26T09:57:02", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos"}, {"name": "1041176", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041176"}, {"name": "104548", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104548"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0373", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AnyConnect Secure Mobility Client unknown", "version": {"version_data": [{"version_value": "Cisco AnyConnect Secure Mobility Client unknown"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos"}, {"name": "1041176", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041176"}, {"name": "104548", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104548"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0373", "datePublished": "2018-06-21T11:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-06-26T09:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(58\\):*:*:*:*:*:*:*", "matchCriteriaId": "9B0A0171-260B-4E2D-8D7F-035345D9C902", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(1044\\):*:*:*:*:*:*:*", "matchCriteriaId": "468C81E8-D599-47AE-870E-641CEEC0BF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(2033\\):*:*:*:*:*:*:*", "matchCriteriaId": "426675B2-921D-4C1C-ACAA-AC1B8439CA66", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(2036\\):*:*:*:*:*:*:*", "matchCriteriaId": "3B256AAA-0DFB-41A4-BC98-2DB809C08A33", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(3040\\):*:*:*:*:*:*:*", "matchCriteriaId": "788EC44C-08A7-42EA-B657-ED0E02D4EBE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(4029\\):*:*:*:*:*:*:*", "matchCriteriaId": "8DAD5740-B44F-498A-B997-8C0482BCDD8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(5030\\):*:*:*:*:*:*:*", "matchCriteriaId": "023FB667-653F-4634-9C65-4D076AD16F51", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6\\(362\\):*:*:*:*:*:*:*", "matchCriteriaId": "72519817-7E9A-433D-B03D-32C8382E2DB4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6\\(1098\\):*:*:*:*:*:*:*", "matchCriteriaId": "BE6AC94E-E971-4E42-B410-68CD49B39AB9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654."}, {"lang": "es", "value": "Una vulnerabilidad en vpnva-6.sys para Windows de 32 bits y vpnva64-6.sys para Windows de 64 bits enCisco AnyConnect Secure Mobility Client para Windows Desktop podr\u00eda permitir que un atacante local autenticado provoque una denegaci\u00f3n de servicio (DoS) en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los datos proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de una petici\u00f3n maliciosa a la aplicaci\u00f3n. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio (DoS) en el sistema afectado. Cisco Bug IDs: CSCvj47654."}], "id": "CVE-2018-0373", "lastModified": "2019-10-09T23:31:54.663", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-21T11:29:01.227", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104548"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041176"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}