CVE-2013-1130 — MEDIUM (6.8)

Vulnerability Description

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.

CVSS Score

6.8

MEDIUM

AV:L/AC:L/Au:S/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Cisco	Anyconnect Secure Mobility Client	-
Apple	Mac Os X	All versions

Related Weaknesses (CWE)

CWE-264

References

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1130Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1130Vendor Advisory

FAQ

What is CVE-2013-1130?

CVE-2013-1130 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.

How severe is CVE-2013-1130?

CVE-2013-1130 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1130?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Anyconnect Secure Mobility Client, Apple Mac Os X.