CVE-2015-6322

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client versions 2.0.0343 through 4.1(8)

Description The issue is related to the IPC channel in Cisco AnyConnect Secure Mobility Client, which lacks source-path validation. This allows local users to bypass intended access restrictions and move arbitrary files. The problem is associated with insufficient access restrictions to certain functions.

Recommendations For versions 2.0.0343 through 4.1(8), consider restricting access to the IPC channel as a temporary workaround until a patch is available. Additionally, limiting file movement capabilities for local users can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.