Rapid7 Vulnerability & Exploit Database

Cisco AnyConnect: CVE-2018-0334: Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability

Back to Search

Cisco AnyConnect: CVE-2018-0334: Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability

Severity
6
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:N)
Published
06/07/2018
Created
12/16/2020
Added
12/16/2020
Modified
12/16/2020

Description

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141.

Solution(s)

  • cisco-anyconnect-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;