CVE-2016-6369

Severity: high
Published 2016-08-25 · Modified 2026-05-06
CVSS v3: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v4: — (not yet in upstream)
VIR risk: 7.8

Description

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

Predictions

Exploit likelihood: 75%
Patch ETA: —

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor | Product | Versions | Fixed
cisco | anyconnect_secure_mobility_client | 2.0.0343 |
cisco | anyconnect_secure_mobility_client | 2.1.0148 |
cisco | anyconnect_secure_mobility_client | 2.2.0133 |
cisco | anyconnect_secure_mobility_client | 2.2.0136 |
cisco | anyconnect_secure_mobility_client | 2.2.0140 |
cisco | anyconnect_secure_mobility_client | 2.3.0185 |
cisco | anyconnect_secure_mobility_client | 2.3.0254 |
cisco | anyconnect_secure_mobility_client | 2.3.1003 |
cisco | anyconnect_secure_mobility_client | 2.3.2016 |
cisco | anyconnect_secure_mobility_client | 2.4.0202 |
cisco | anyconnect_secure_mobility_client | 2.4.1012 |
cisco | anyconnect_secure_mobility_client | 2.5.0217 |
cisco | anyconnect_secure_mobility_client | 2.5.2006 |
cisco | anyconnect_secure_mobility_client | 2.5.2010 |
cisco | anyconnect_secure_mobility_client | 2.5.2011 |
cisco | anyconnect_secure_mobility_client | 2.5.2014 |
cisco | anyconnect_secure_mobility_client | 2.5.2017 |
cisco | anyconnect_secure_mobility_client | 2.5.2018 |
cisco | anyconnect_secure_mobility_client | 2.5.2019 |
cisco | anyconnect_secure_mobility_client | 2.5.3041 |
cisco | anyconnect_secure_mobility_client | 2.5.3046 |
cisco | anyconnect_secure_mobility_client | 2.5.3051 |
cisco | anyconnect_secure_mobility_client | 2.5.3054 |
cisco | anyconnect_secure_mobility_client | 2.5.3055 |
cisco | anyconnect_secure_mobility_client | 2.5_base |
cisco | anyconnect_secure_mobility_client | 3.0.0 |
cisco | anyconnect_secure_mobility_client | 3.0.0629 |
cisco | anyconnect_secure_mobility_client | 3.0.1047 |
cisco | anyconnect_secure_mobility_client | 3.0.2052 |
cisco | anyconnect_secure_mobility_client | 3.0.3050 |
cisco | anyconnect_secure_mobility_client | 3.0.3054 |
cisco | anyconnect_secure_mobility_client | 3.0.4235 |
cisco | anyconnect_secure_mobility_client | 3.0.5075 |
cisco | anyconnect_secure_mobility_client | 3.0.5080 |
cisco | anyconnect_secure_mobility_client | 3.0.09231 |
cisco | anyconnect_secure_mobility_client | 3.0.09266 |
cisco | anyconnect_secure_mobility_client | 3.0.09353 |
cisco | anyconnect_secure_mobility_client | 3.1\(60\) |
cisco | anyconnect_secure_mobility_client | 3.1.0 |
cisco | anyconnect_secure_mobility_client | 3.1.02043 |
cisco | anyconnect_secure_mobility_client | 3.1.05182 |
cisco | anyconnect_secure_mobility_client | 3.1.05187 |
cisco | anyconnect_secure_mobility_client | 3.1.06073 |
cisco | anyconnect_secure_mobility_client | 3.1.07021 |
cisco | anyconnect_secure_mobility_client | 4.0\(48\) |
cisco | anyconnect_secure_mobility_client | 4.0\(64\) |
cisco | anyconnect_secure_mobility_client | 4.0\(2049\) |
cisco | anyconnect_secure_mobility_client | 4.0.0 |
cisco | anyconnect_secure_mobility_client | 4.0.00048 |
cisco | anyconnect_secure_mobility_client | 4.0.00051 |
cisco | anyconnect_secure_mobility_client | 4.1\(8\) |
cisco | anyconnect_secure_mobility_client | 4.1.0 |
cisco | anyconnect_secure_mobility_client | 4.2.0 |
cisco | anyconnect_secure_mobility_client | 4.2.04039 |
cisco | anyconnect_secure_mobility_client | 4.3.0 |
cisco | anyconnect_secure_mobility_client | 4.3.00748 |
cisco | anyconnect_secure_mobility_client | 4.3.01095 |

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.
