PT-2015-7169 · Cisco · Cisco AnyConnect Secure Mobility Client

Yorick Koster · Published 2015-09-25 · Updated 2018-10-09 · CVE-2015-6306

CVSS v2.0: 7.2 High

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco AnyConnect Secure Mobility Client version 4.1(8)

Description

The issue allows local users to obtain root privileges via a crafted installation file because the software does not verify pathnames before installation actions.

Recommendations

For Cisco AnyConnect Secure Mobility Client version 4.1(8), update to a version that includes the fix for Bug ID CSCuv11947 to prevent local users from obtaining root privileges.

Related Identifiers

CVE-2015-6306

Affected Products

Cisco AnyConnect Secure Mobility Client