Medium severity6.1NVD Advisory· Published Aug 17, 2017· Updated Jun 17, 2026
CVE-2017-6788
CVE-2017-6788
Description
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.4\(4027\):*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.4\(4027\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(58\):*:*:*:*:*:*:*
- Cisco Systems, Inc./AnyConnect WebLaunchv5Range: 98.89(40)
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/100364nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1039190nvdThird Party AdvisoryVDB Entry
- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cawnvdVendor Advisory
News mentions
0No linked articles in our index yet.