Medium severity6.5NVD Advisory· Published Oct 5, 2017· Updated May 13, 2026

CVE-2017-12268

Description

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539.

Affected products

N/a/Cisco Anyconnect Network Access Managerv5
Range: Cisco AnyConnect Network Access Manager
Cisco Systems, Inc./Anyconnect Secure Mobility Client
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(822\):*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/101157nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039507nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anamnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000