How severe is CVE-2017-12268?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2017-12268?

This is classified as CWE-264, which is a common weakness in software security.

CVE-2017-12268 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.

Related Vulnerabilities

CVE-2014-0229

MEDIUM

CVSS:6.5(Medium)

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownData...

CWE-2642014

CVE-2014-1889

MEDIUM

CVSS:6.5(Medium)

The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.

CWE-2642014

CVE-2014-8540

MEDIUM

CVSS:6.5(Medium)

The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.

CWE-2642014

CVE-2014-9503

MEDIUM

CVSS:6.5(Medium)

The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging impr...

CWE-2642014

CVE-2015-4082

MEDIUM

CVSS:6.5(Medium)

attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informat...

CWE-2642015

CVE-2015-5167

MEDIUM

CVSS:6.5(Medium)

The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.

CWE-2642015