Does this issue have a CVE?

Gilks / hostscan-bypass

Generate OpenConnect CSD files to bypass Cisco AnyConnect hostscan requirements

248 stars 46 forks source link

Does this issue have a CVE? #2

Closed Frichetten closed 6 years ago

Frichetten commented 6 years ago

Great work man, this is interesting stuff. I just had a question, does this issue have an associated CVE? Or would this type of bypass even warrant a CVE from Cisco?

Gilks commented 6 years ago

I thought about submitting for a CVE but I didn't really think it warranted one. At the core of it, all you're doing is making a POST request to the AnyConnect server with the correct settings. The software is working as intended.

However, I'd be open to pursuing one if the community felt it was worthy of one.

Frichetten commented 6 years ago

Thats a good point, then again you are bypassing the expected behavior of the product and it's likely something they should fix. Again, great work dude. Made my day much more interesting!