7.2
CVE-2015-6305
- EPSS 1.96%
- Published 26.09.2015 01:59:09
- Last modified 12.04.2025 10:46:40
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Anyconnect Secure Mobility Client Version2.0.0343
Cisco ≫ Anyconnect Secure Mobility Client Version2.1.0.148
Cisco ≫ Anyconnect Secure Mobility Client Version2.2.0133
Cisco ≫ Anyconnect Secure Mobility Client Version2.2.0136
Cisco ≫ Anyconnect Secure Mobility Client Version2.2.0140
Cisco ≫ Anyconnect Secure Mobility Client Version2.3.0185
Cisco ≫ Anyconnect Secure Mobility Client Version2.3.0254
Cisco ≫ Anyconnect Secure Mobility Client Version2.3.1003
Cisco ≫ Anyconnect Secure Mobility Client Version2.3.2016
Cisco ≫ Anyconnect Secure Mobility Client Version2.4.0202
Cisco ≫ Anyconnect Secure Mobility Client Version2.4.1012
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.0217
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.2006
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.2010
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.2011
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.2014
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.2017
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.2018
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.2019
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.3041
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.3046
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.3051
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.3054
Cisco ≫ Anyconnect Secure Mobility Client Version2.5.3055
Cisco ≫ Anyconnect Secure Mobility Client Version2.5_base
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.0
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.0629
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.1047
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.2052
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.3050
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.3054
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.4235
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.5075
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.5080
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.09231
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.09266
Cisco ≫ Anyconnect Secure Mobility Client Version3.0.09353
Cisco ≫ Anyconnect Secure Mobility Client Version3.1.0
Cisco ≫ Anyconnect Secure Mobility Client Version3.1.02043
Cisco ≫ Anyconnect Secure Mobility Client Version3.1.05182
Cisco ≫ Anyconnect Secure Mobility Client Version3.1.05187
Cisco ≫ Anyconnect Secure Mobility Client Version3.1.06073
Cisco ≫ Anyconnect Secure Mobility Client Version3.1.07021
Cisco ≫ Anyconnect Secure Mobility Client Version4.0.0
Cisco ≫ Anyconnect Secure Mobility Client Version4.0.00048
Cisco ≫ Anyconnect Secure Mobility Client Version4.0.00051
Cisco ≫ Anyconnect Secure Mobility Client Version4.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.96% | 0.829 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.