CVE-2017-12268

{"id": "CVE-2017-12268", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2017-10-05T07:29:00.700", "references": [{"url": "http://www.securityfocus.com/bid/101157", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1039507", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539."}, {"lang": "es", "value": "Un vulnerabilidad en el NAM (Network Access Manager) de Cisco AnyConnect Secure Mobility Client podr\u00eda permitir que un atacante local autenticado habilite m\u00faltiples adaptadores de red. Esta vulnerabilidad tambi\u00e9n se conoce como \"Dual-Home Interface Vulnerability\". Esta vulnerabilidad se debe a la falta de mecanismos suficientes para el cumplimiento de pol\u00edticas NAM. Un atacante podr\u00eda explotar esta vulnerabilidad manipulando las interfaces de red del dispositivo para permitir que haya varias activas al mismo tiempo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante env\u00ede tr\u00e1fico a trav\u00e9s de una interfaz de red que no est\u00e1 autorizada. Cisco Bug IDs: CSCvf66539."}], "lastModified": "2019-10-09T23:22:47.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\\(822\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB1DAD51-466B-4D98-8A77-5E29BD30A3C7"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}