Cisco AnyConnect Secure Mobility Client多个本地权限提升漏洞
Cisco AnyConnect Secure Mobility Client多个本地权限提升漏洞
发布日期:2013-04-10
更新日期:2013-04-15
受影响系统:
Cisco AnyConnect Secure Mobility Client
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 59034
CVE(CAN) ID: CVE-2013-1172
Cisco AnyConnect Secure Mobility Client是思科下一代VPN客户端。
Cisco AnyConnect Secure Mobility Client (AnyConnect VPN Client)的安全服务Cisco Host Scan组件和Cisco Secure Desktop没有正确验证文件,存在安全漏洞,本地无特权用户可利用此漏洞获取SYSTEM权限。
<*来源:Cisco
链接:http://secunia.com/advisories/53015/
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1172
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.cisco.com/en/US/products/ps10884/index.html
评论暂时关闭