Medium severity6.1NVD Advisory· Published Aug 17, 2017· Updated May 13, 2026

CVE-2017-6788

Description

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to insufficient input validation of some parameters that are passed to the WebLaunch function of the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. Cisco Bug IDs: CSCvf12055. Known Affected Releases: 98.89(40).

Affected products

Cisco Systems, Inc./Anyconnect Secure Mobility Client2 versions
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.4\(4027\):*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.4\(4027\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.5\(58\):*:*:*:*:*:*:*
Cisco Systems, Inc./AnyConnect WebLaunchv5
Range: 98.89(40)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100364nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1039190nvdThird Party AdvisoryVDB Entry
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-cawnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000