Details of VAR-201309-0174

ID

VAR-201309-0174

CVE

CVE-2013-1130

TITLE

Mac OS X Run on Cisco AnyConnect Secure Mobility Client Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2013-004271

DESCRIPTION

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. Cisco AnyConnect Secure Mobility Client is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to run arbitrary programs with elevated privileges. This issue is being tracked by Cisco Bug ID CSCue33619

Trust: 1.98

sources: NVD: CVE-2013-1130 // JVNDB: JVNDB-2013-004271 // BID: 62519 // VULHUB: VHN-61132

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	3.0.5080 (mac os x)	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 62519 // JVNDB: JVNDB-2013-004271 // CNNVD: CNNVD-201309-358 // NVD: CVE-2013-1130

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-1130
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-1130
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201309-358
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-61132
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-1130
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-61132
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-61132 // JVNDB: JVNDB-2013-004271 // CNNVD: CNNVD-201309-358 // NVD: CVE-2013-1130

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-61132 // JVNDB: JVNDB-2013-004271 // NVD: CVE-2013-1130

THREAT TYPE

local

Trust: 0.9

sources: BID: 62519 // CNNVD: CNNVD-201309-358

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201309-358

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004271

PATCH

title:	Cisco AnyConnect Secure Mobility Client Local Privilege Escalation Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1130	Trust: 0.8
title:	30916	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=30916	Trust: 0.8

sources: JVNDB: JVNDB-2013-004271

EXTERNAL IDS

db:	NVD	id:	CVE-2013-1130	Trust: 2.8
db:	JVNDB	id:	JVNDB-2013-004271	Trust: 0.8
db:	CNNVD	id:	CNNVD-201309-358	Trust: 0.7
db:	CISCO	id:	20130919 CISCO ANYCONNECT SECURE MOBILITY CLIENT LOCAL PRIVILEGE ESCALATION VULNERABILITY	Trust: 0.6
db:	BID	id:	62519	Trust: 0.4
db:	VULHUB	id:	VHN-61132	Trust: 0.1

sources: VULHUB: VHN-61132 // BID: 62519 // JVNDB: JVNDB-2013-004271 // CNNVD: CNNVD-201309-358 // NVD: CVE-2013-1130

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1130	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1130	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1130	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-61132 // BID: 62519 // JVNDB: JVNDB-2013-004271 // CNNVD: CNNVD-201309-358 // NVD: CVE-2013-1130

CREDITS

Cisco

Trust: 0.3

sources: BID: 62519

SOURCES

db:	VULHUB	id:	VHN-61132
db:	BID	id:	62519
db:	JVNDB	id:	JVNDB-2013-004271
db:	CNNVD	id:	CNNVD-201309-358
db:	NVD	id:	CVE-2013-1130

LAST UPDATE DATE

2025-04-11T23:05:35.846000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-61132	date:	2013-09-23T00:00:00
db:	BID	id:	62519	date:	2013-09-21T00:14:00
db:	JVNDB	id:	JVNDB-2013-004271	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-358	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-1130	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-61132	date:	2013-09-20T00:00:00
db:	BID	id:	62519	date:	2013-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-004271	date:	2013-09-25T00:00:00
db:	CNNVD	id:	CNNVD-201309-358	date:	2013-09-23T00:00:00
db:	NVD	id:	CVE-2013-1130	date:	2013-09-20T16:55:07.770