CVE-2018-0373: Input Validation
First published: Thu Jun 21 2018(Updated: )
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Anyconnect Secure Mobility Client | =4.5\(58\) | |
| Cisco Anyconnect Secure Mobility Client | =4.5\(1044\) | |
| Cisco Anyconnect Secure Mobility Client | =4.5\(2033\) | |
| Cisco Anyconnect Secure Mobility Client | =4.5\(2036\) | |
| Cisco Anyconnect Secure Mobility Client | =4.5\(3040\) | |
| Cisco Anyconnect Secure Mobility Client | =4.5\(4029\) | |
| Cisco Anyconnect Secure Mobility Client | =4.5\(5030\) | |
| Cisco Anyconnect Secure Mobility Client | =4.6\(362\) | |
| Cisco Anyconnect Secure Mobility Client | =4.6\(1098\) | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-0373?
CVE-2018-0373 is a vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop, which could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
How severe is CVE-2018-0373?
CVE-2018-0373 has a severity rating of 5.5 out of 10 (medium).
Which software is affected by CVE-2018-0373?
Cisco AnyConnect Secure Mobility Client versions 4.5(58), 4.5(1044), 4.5(2033), 4.5(2036), 4.5(3040), 4.5(4029), 4.5(5030), 4.6(362), and 4.6(1098) are affected by CVE-2018-0373.
How can I fix CVE-2018-0373?
To fix CVE-2018-0373, it is recommended to upgrade to a fixed version of Cisco AnyConnect Secure Mobility Client. Please refer to the Cisco Security Advisory for more information.
Where can I find more information about CVE-2018-0373?
You can find more information about CVE-2018-0373 in the following references: 1) [SecurityFocus](http://www.securityfocus.com/bid/104548), 2) [SecurityTracker](http://www.securitytracker.com/id/1041176), and 3) [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos).
- collector/nvd-index
- vendor/cisco
- canonical/cisco anyconnect secure mobility client
- version/cisco anyconnect secure mobility client/4.5\(58\)
- version/cisco anyconnect secure mobility client/4.5\(1044\)
- version/cisco anyconnect secure mobility client/4.5\(2033\)
- version/cisco anyconnect secure mobility client/4.5\(2036\)
- version/cisco anyconnect secure mobility client/4.5\(3040\)
- version/cisco anyconnect secure mobility client/4.5\(4029\)
- version/cisco anyconnect secure mobility client/4.5\(5030\)
- version/cisco anyconnect secure mobility client/4.6\(362\)
- version/cisco anyconnect secure mobility client/4.6\(1098\)
- vendor/microsoft
- canonical/microsoft windows