CVE-2018-0334

Severity Score

4.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141.

Una vulnerabilidad en el subsistema de gestión de certificados de Cisco AnyConnect Network Access Manager y Cisco AnyConnect Secure Mobility Client para iOS, Mac OS X, Android, Windows y Linux podría permitir que un atacante remoto no autenticado omita la comprobación de certificados TLS al descargar ciertos archivos de configuración. La vulnerabilidad se deba al uso incorrecto del protocolo Simple Certificate Enrollment y a una validación incorrecta del certificado del servidor. Un atacante podría explotar esta vulnerabilidad preparando archivos maliciosos del perfil y localización para que sean empleados por Cisco AnyConnect. Su explotación con éxito podría permitir que el atacante cambie remotamente el perfil de configuración, un certificado o los datos de localización empleados por AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-06-07 CVE Published
2023-12-08 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-295: Improper Certificate Validation

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/104430	Third Party Advisory
http://www.securitytracker.com/id/1041075	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-AnyConnect-cert-bypass	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Anyconnect Secure Mobility Client Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"				4.6\(100\) Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "4.6\(100\)"		-		Affected