CVE-2017-12268
First published: Thu Oct 05 2017(Updated: )
A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Anyconnect Secure Mobility Client | =4.5\(822\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/tags
- agent/event
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cisco
- canonical/cisco anyconnect secure mobility client
- version/cisco anyconnect secure mobility client/4.5\(822\)