Lucene search

CiscoCVE-2015-6322

HistoryOct 12, 2015 - 10:59 a.m.

CVE-2015-6322

2015-10-1210:59:10

CWE-264

cisco

web.nvd.nist.gov

cisco

anyconnect

secure mobility client

ipc channel

vulnerability

bug id

cscuv48563

nvd

cve-2015-6322

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.

Affected configurations

Nvd

Node

ciscoanyconnect_secure_mobility_clientMatch2.0.0343

ciscoanyconnect_secure_mobility_clientMatch2.1.0148

ciscoanyconnect_secure_mobility_clientMatch2.2.0133

ciscoanyconnect_secure_mobility_clientMatch2.2.0136

ciscoanyconnect_secure_mobility_clientMatch2.2.0140

ciscoanyconnect_secure_mobility_clientMatch2.3.0185

ciscoanyconnect_secure_mobility_clientMatch2.3.0254

ciscoanyconnect_secure_mobility_clientMatch2.3.1003

ciscoanyconnect_secure_mobility_clientMatch2.3.2016

ciscoanyconnect_secure_mobility_clientMatch2.4.0202

ciscoanyconnect_secure_mobility_clientMatch2.4.1012

ciscoanyconnect_secure_mobility_clientMatch2.5.0217

ciscoanyconnect_secure_mobility_clientMatch2.5.2006

ciscoanyconnect_secure_mobility_clientMatch2.5.2010

ciscoanyconnect_secure_mobility_clientMatch2.5.2011

ciscoanyconnect_secure_mobility_clientMatch2.5.2014

ciscoanyconnect_secure_mobility_clientMatch2.5.2017

ciscoanyconnect_secure_mobility_clientMatch2.5.2018

ciscoanyconnect_secure_mobility_clientMatch2.5.2019

ciscoanyconnect_secure_mobility_clientMatch2.5.3041

ciscoanyconnect_secure_mobility_clientMatch2.5.3046

ciscoanyconnect_secure_mobility_clientMatch2.5.3051

ciscoanyconnect_secure_mobility_clientMatch2.5.3054

ciscoanyconnect_secure_mobility_clientMatch2.5.3055

ciscoanyconnect_secure_mobility_clientMatch2.5_base

ciscoanyconnect_secure_mobility_clientMatch3.0.0

ciscoanyconnect_secure_mobility_clientMatch3.0.0629

ciscoanyconnect_secure_mobility_clientMatch3.0.1047

ciscoanyconnect_secure_mobility_clientMatch3.0.2052

ciscoanyconnect_secure_mobility_clientMatch3.0.3050

ciscoanyconnect_secure_mobility_clientMatch3.0.3054

ciscoanyconnect_secure_mobility_clientMatch3.0.4235

ciscoanyconnect_secure_mobility_clientMatch3.0.5075

ciscoanyconnect_secure_mobility_clientMatch3.0.5080

ciscoanyconnect_secure_mobility_clientMatch3.0.09231

ciscoanyconnect_secure_mobility_clientMatch3.0.09266

ciscoanyconnect_secure_mobility_clientMatch3.0.09353

ciscoanyconnect_secure_mobility_clientMatch3.1\(60\)

ciscoanyconnect_secure_mobility_clientMatch3.1.0

ciscoanyconnect_secure_mobility_clientMatch3.1.02043

ciscoanyconnect_secure_mobility_clientMatch3.1.05182

ciscoanyconnect_secure_mobility_clientMatch3.1.05187

ciscoanyconnect_secure_mobility_clientMatch3.1.06073

ciscoanyconnect_secure_mobility_clientMatch3.1.07021

ciscoanyconnect_secure_mobility_clientMatch4.0\(48\)

ciscoanyconnect_secure_mobility_clientMatch4.0\(64\)

ciscoanyconnect_secure_mobility_clientMatch4.0\(2049\)

ciscoanyconnect_secure_mobility_clientMatch4.0.0

ciscoanyconnect_secure_mobility_clientMatch4.0.00048

ciscoanyconnect_secure_mobility_clientMatch4.0.00051

ciscoanyconnect_secure_mobility_clientMatch4.1\(8\)

ciscoanyconnect_secure_mobility_clientMatch4.1.0

VendorProductVersionCPE
ciscoanyconnect_secure_mobility_client2.0.0343cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0.0343:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.1.0148cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1.0148:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.0133cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0133:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.0136cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0136:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.0140cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0140:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.0185cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0185:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.0254cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0254:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.1003cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.1003:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.2016cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.4.0202cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	anyconnect_secure_mobility_client	2.0.0343	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0.0343:::::::*
cisco	anyconnect_secure_mobility_client	2.1.0148	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1.0148:::::::*
cisco	anyconnect_secure_mobility_client	2.2.0133	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0133:::::::*
cisco	anyconnect_secure_mobility_client	2.2.0136	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0136:::::::*
cisco	anyconnect_secure_mobility_client	2.2.0140	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0140:::::::*
cisco	anyconnect_secure_mobility_client	2.3.0185	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0185:::::::*
cisco	anyconnect_secure_mobility_client	2.3.0254	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0254:::::::*
cisco	anyconnect_secure_mobility_client	2.3.1003	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.1003:::::::*
cisco	anyconnect_secure_mobility_client	2.3.2016	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:::::::*
cisco	anyconnect_secure_mobility_client	2.4.0202	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:::::::*

Rows per page:

1-10 of 521

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc

www.securitytracker.com/id/1033785

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-6322