PT-2015-7168 · Cisco · Cisco Anyconnect Secure Mobility Client

Yorick Koster

Publicado

2015-09-25

Atualizado

2016-12-12

CVE-2015-6305

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client versions 2.0 through 4.1

Description The issue is related to an untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe. This allows local users to gain privileges via a Trojan horse DLL in the current working directory. For example, a Trojan horse dbghelp.dll can be used to exploit this issue.

Recommendations For Cisco AnyConnect Secure Mobility Client versions 2.0 through 4.1, consider restricting access to the vpndownloader.exe until a patch is available. As a temporary workaround, avoid using the CMainThread::launchDownloader function to minimize the risk of exploitation.

Exploit

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

CVE-2015-6305

Produtos afetados

Cisco Anyconnect Secure Mobility Client

PT-2015-7168 · Cisco · Cisco Anyconnect Secure Mobility Client

CVE-2015-6305

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7