GCVE - cpe:2.3:a:cisco:anyconnect_secure_mobility

Approved changes feed: RSS · Atom

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.04039:*:*:*:*:*:*:*

part: a version: 4.2.04039 update: *

Vendor	Cisco (`e1b3baff-aaf9-56a6-a68a-41e28ce616a5`)
Product	Anyconnect Secure Mobility Client (`be2ee1de-f2a8-569b-8265-8110ef804802`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-3813`	vulnerable	2026-06-03 14:37:16.583730	Details available A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976. Published: 2017-02-09T17:00:00.000Z Updated: 2024-08-05T14:39:41.248Z Open on db.gcve.eu Reference links https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170208-anyconnect https://www.exploit-db.com/exploits/41476/ http://www.securitytracker.com/id/1037796 http://www.securityfocus.com/bid/96145	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-9192`	vulnerable	2026-06-03 14:36:15.851724	Details available A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225). Published: 2016-12-14T00:37:00.000Z Updated: 2024-08-06T02:42:11.120Z Open on db.gcve.eu Reference links https://github.com/serializingme/cve-2016-9192 https://github.com/nettitude/PoshC2/blob/master/Modules/CVE-2016-9192.ps1 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-anyconnect1 http://www.securitytracker.com/id/1037409 http://www.securityfocus.com/bid/94770	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-6369`	vulnerable	2026-06-03 14:35:57.843427	Details available Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. Published: 2016-08-25T21:00:00.000Z Updated: 2024-08-06T01:29:20.013Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1036697 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160824-anyconnect http://www.securityfocus.com/bid/92625	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Cisco AnyConnect Secure Mobility Client 4.2.04039

PURL mappings

Vulnerability references

Contribute