
CVE-2017-12268

 

Severity Score: 6.5 (CVSS v3)
Exploit Likelihood (EPSS):
Affected Versions (CPE):
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.

*Credits: N/A
CVSS Scores
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: None
  • Integrity: High
  • Availability: None

  • Attack Vector: Local
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-08-03 CVE Reserved
  • 2017-10-05 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Cisco | Anyconnect Secure Mobility Client | 4.5\(822\) | - | Affected