Cisco AnyConnect Secure Mobility Client for Windows CVE-2018-0373 Denial of Service Vulnerability

Bugtraq ID:	104548
Class:	Input Validation Error
CVE:	CVE-2018-0373
Remote:	No
Local:	Yes
Published:	Jun 20 2018 12:00AM
Updated:	Jun 20 2018 12:00AM
Credit:	Gert Doering at OpenVPN
Vulnerable:	Cisco AnyConnect Secure Mobility Client for Windows 4.0.7 Cisco AnyConnect Secure Mobility Client for Windows 4.6 Cisco AnyConnect Secure Mobility Client for Windows 4.5 Cisco AnyConnect Secure Mobility Client for Windows 4.3 Cisco AnyConnect Secure Mobility Client for Windows 4.2 Cisco AnyConnect Secure Mobility Client for Windows 4.0
Not Vulnerable:	Cisco AnyConnect Secure Mobility Client for Windows 4.6.1103

Cisco AnyConnect Secure Mobility Client for Windows CVE-2018-0373 Denial of Service Vulnerability

Cisco AnyConnect Secure Mobility Client for Windows is prone to a local denial-of-service vulnerability.

A local attacker can exploit this issue to cause a denial-of-service condition.

This issue is being tracked by Cisco bug ID CSCvj47654.

Cisco AnyConnect Secure Mobility Client for Windows CVE-2018-0373 Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Cisco AnyConnect Secure Mobility Client for Windows CVE-2018-0373 Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Cisco AnyConnect Secure Mobility Client for Windows CVE-2018-0373 Denial of Service Vulnerability

References:

• Cisco Homepage (Cisco)
  
• Cisco AnyConnect Secure Mobility Client for Windows Desktop DoS (Cisco)