ByteOS Network

NVD Vulnerability Details :

CVE-2018-0334

Modified

Source-ykramarz@cisco.com

Published At-07 Jun, 2018 | 21:29

Updated At-09 Oct, 2019 | 23:31

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	4.8	MEDIUM	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary	2.0	5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N

CPE Matches

Cisco Systems, Inc.

>>anyconnect_secure_mobility_client>>4.6\(100\)

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6\(100\):*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Primary	nvd@nist.gov
CWE-295	Secondary	ykramarz@cisco.com

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/104430	ykramarz@cisco.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041075	ykramarz@cisco.com	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-AnyConnect-cert-bypass	ykramarz@cisco.com	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History