Vulnerability Details CVE-2018-0100
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.5%
CVSS Severity
CVSS v3 Score 4.4
CVSS v2 Score 3.6
References
- http://www.securityfocus.com/bid/102738
- http://www.securitytracker.com/id/1040246
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-acpe
- http://www.securityfocus.com/bid/102738
- http://www.securitytracker.com/id/1040246
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-acpe
Products affected by CVE-2018-0100
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:-
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.254
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.1012
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.4004
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.4014
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.5004
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.7030
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.7073
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.0217
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.1025
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2001
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2006
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2010
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2011
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2014
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2017
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2018
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2019
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3041
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3046
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3051
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3054
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3055
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5112
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5116
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5118
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5125
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5130
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.5131
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.6005
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0629
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.07059
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.08057
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.08066
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.1047
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.2052
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3050
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3054
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.4235
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5075
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5080
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1(.02043)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1(.07021)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1(60)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.00495
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.2.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0(.00048)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0(.00051)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0(2049)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00052
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00057
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00061
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.00028
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.02011
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.04011
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.06013
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.06020
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.08005
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.03104
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.05085
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.05111
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.06090
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.00096
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.01022
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.01035
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.02075
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.03013
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.04018
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.04039
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.05015
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.2.06014
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.00748
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.01095
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.02039
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.03086
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.3.04027
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.4(4027)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.4.00243
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(1044)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(2033)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(2036)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(3040)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(4029)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(5030)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(58)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5(822)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6(100)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6(1098)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6(200)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6(2074)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.6(362)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.00175
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.00820
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.00826
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.01090
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.01098
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.02042
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.02045
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03036
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03043
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03052
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03537
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03538
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03645
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.8.03651
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9(3052)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9(5086)
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.00086
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.01095
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.02028
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03047
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.03049
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04043
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.04053
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.05042
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.9.06037
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:98.145(86)