CVE-2016-9192
First published: Wed Dec 14 2016(Updated: )
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225).
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AnyConnect | =3.1\(60\) | |
| Cisco AnyConnect | =3.1.0 | |
| Cisco AnyConnect | =3.1.02043 | |
| Cisco AnyConnect | =3.1.05182 | |
| Cisco AnyConnect | =3.1.05187 | |
| Cisco AnyConnect | =3.1.06073 | |
| Cisco AnyConnect | =3.1.07021 | |
| Cisco AnyConnect | =4.0\(48\) | |
| Cisco AnyConnect | =4.0\(64\) | |
| Cisco AnyConnect | =4.0\(2049\) | |
| Cisco AnyConnect | =4.0.0 | |
| Cisco AnyConnect | =4.0.00048 | |
| Cisco AnyConnect | =4.0.00051 | |
| Cisco AnyConnect | =4.1\(8\) | |
| Cisco AnyConnect | =4.1.0 | |
| Cisco AnyConnect | =4.2.0 | |
| Cisco AnyConnect | =4.2.04039 | |
| Cisco AnyConnect | =4.3.0 | |
| Cisco AnyConnect | =4.3.00748 | |
| Cisco AnyConnect | =4.3.01095 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-9192?
CVE-2016-9192 is classified as a critical vulnerability due to its potential for allowing local authenticated attackers to execute arbitrary code with system-level privileges.
How do I fix CVE-2016-9192?
To mitigate CVE-2016-9192, users should upgrade to the latest version of Cisco AnyConnect Secure Mobility Client that addresses this vulnerability.
Who is affected by CVE-2016-9192?
CVE-2016-9192 affects users of Cisco AnyConnect Secure Mobility Client versions 3.1(60) and later, as well as several 4.x versions.
What type of attacker can exploit CVE-2016-9192?
CVE-2016-9192 can be exploited by an authenticated, local attacker with physical access to the vulnerable system.
What are the potential impacts of CVE-2016-9192?
If successfully exploited, CVE-2016-9192 could allow an attacker to install and execute arbitrary executable files, leading to complete control over the affected system.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco anyconnect
- version/cisco anyconnect/3.1\(60\)
- version/cisco anyconnect/3.1.0
- version/cisco anyconnect/3.1.02043
- version/cisco anyconnect/3.1.05182
- version/cisco anyconnect/3.1.05187
- version/cisco anyconnect/3.1.06073
- version/cisco anyconnect/3.1.07021
- version/cisco anyconnect/4.0\(48\)
- version/cisco anyconnect/4.0\(64\)
- version/cisco anyconnect/4.0\(2049\)
- version/cisco anyconnect/4.0.0
- version/cisco anyconnect/4.0.00048
- version/cisco anyconnect/4.0.00051
- version/cisco anyconnect/4.1\(8\)
- version/cisco anyconnect/4.1.0
- version/cisco anyconnect/4.2.0
- version/cisco anyconnect/4.2.04039
- version/cisco anyconnect/4.3.0
- version/cisco anyconnect/4.3.00748
- version/cisco anyconnect/4.3.01095