Cisco AnyConnect Secure Mobility Client Software CVE-2017-6788 Cross Site Scripting Vulnerability

Cisco AnyConnect Secure Mobility Client Software is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue is being tracked by Cisco Bug ID CSCvf12055.

Information

Bugtraq ID: 100364
Class: Input Validation Error
CVE: CVE-2017-6788

Remote: Yes
Local: No
Published: Aug 16 2017 12:00AM
Updated: Aug 16 2017 08:11PM
Credit: Adam Willard of Blue Canopy.
Vulnerable: Cisco AnyConnect Secure Mobility Client Software 0
Cisco AnyConnect Secure Mobility Client 98.89(40)

Not Vulnerable:

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

Cisco Homepage (Cisco )
cisco-sa-20170816-caw: Cisco AnyConnect WebLaunch Cross-Site Scripting Vulnerabi (Cisco)

Source: www.securityfocus.com

Exploit Collector

Search Exploit