7.2

CVE-2015-6305

Exploit

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoAnyconnect Secure Mobility Client Version2.1.0.148
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.0.09231
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.0.09266
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.0.09353
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.1.02043
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.1.05182
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.1.05187
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.1.06073
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version3.1.07021
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version4.0.00048
   MicrosoftWindows
CiscoAnyconnect Secure Mobility Client Version4.0.00051
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.96% 0.829
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

http://seclists.org/fulldisclosure/2015/Sep/80
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1033643
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/38289/
Third Party Advisory
Exploit
VDB Entry