cisco-sa-20170816-caw

Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability

cisco-sa-20170816-caw · Medium · Published 8 years ago · Updated 8 years ago

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-caw

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEs	CVE-2017-6788
Cisco Bug IDs	CSCvf12055
CVSS Score	Base 6.1 Base 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source	Cisco AnyConnect Secure Mobility Client, Cisco Secure Client

Related Products

Product	CVE	Evidence
Cisco Secure Client	CVE-2017-6788	Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client	CVE-2017-6788	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerability

Workarounds

Related Products