Cisco Host Scan Component of AnyConnect Secure Mobility and Secure Desktop Privilege Elevation Vulnerability
Cisco-SA-20130411-CVE-2013-1172 · Medium · Published · Updated
The Cisco Host Scan component of Cisco AnyConnect Secure Mobility and Cisco Secure Desktop contains multiple vulnerabilities that could allow a local, unprivileged user to elevate privileges to those of SYSTEM. Cisco has confirmed the vulnerability in a security notice and software updates are available. To exploit this vulnerability, the attacker must have local access to a targeted system. This access restriction limits the possibility of a successful exploit. Customers are advised to review the bug report in the Vendor Announcements section for a current list of affected versions. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.