CVE-2015-4211

2015-06-2410:59:07

CWE-264

cisco

web.nvd.nist.gov

cve-2015-4211

cisco

anyconnect

secure mobility client

privilege escalation

windows

inf file

cscus65862

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.3

Confidence

Low

EPSS

Percentile

5.1%

JSON

Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.

Affected configurations

Nvd

Node

ciscoanyconnect_secure_mobility_clientMatch3.1\(60\)

AND

microsoftwindows

VendorProductVersionCPE
ciscoanyconnect_secure_mobility_client3.1(60)cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1\(60\):*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	anyconnect_secure_mobility_client	3.1(60)	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1\(60\):::::::*
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::