Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2015-6305

Published: 26/09/2015 Updated: 12/12/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Cisco

Vulnerability Summary

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 up to and including 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco anyconnect_secure_mobility_client 2.1.0.148

cisco anyconnect_secure_mobility_client 2.2.0136

cisco anyconnect_secure_mobility_client 2.3.2016

cisco anyconnect_secure_mobility_client 2.4.1012

cisco anyconnect_secure_mobility_client 2.5.2017

cisco anyconnect_secure_mobility_client 2.5.2019

cisco anyconnect_secure_mobility_client 3.0.0629

cisco anyconnect_secure_mobility_client 3.0.2052

cisco anyconnect_secure_mobility_client 3.0.5080

cisco anyconnect_secure_mobility_client 3.0.09266

cisco anyconnect_secure_mobility_client 3.1.07021

cisco anyconnect_secure_mobility_client 4.0.0

cisco anyconnect_secure_mobility_client 2.5.0217

cisco anyconnect_secure_mobility_client 2.5.2006

cisco anyconnect_secure_mobility_client 2.5.2010

cisco anyconnect_secure_mobility_client 2.5.2011

cisco anyconnect_secure_mobility_client 3.0.3050

cisco anyconnect_secure_mobility_client 3.0.3054

cisco anyconnect_secure_mobility_client 3.0.4235

cisco anyconnect_secure_mobility_client 3.0.5075

cisco anyconnect_secure_mobility_client 4.0.00048

cisco anyconnect_secure_mobility_client 4.0.00051

cisco anyconnect_secure_mobility_client 4.0\\(64\\)

cisco anyconnect_secure_mobility_client 4.0\\(48\\)

cisco anyconnect_secure_mobility_client 4.0\\(2049\\)

cisco anyconnect_secure_mobility_client 2.0.0343

cisco anyconnect_secure_mobility_client 2.2.0133

cisco anyconnect_secure_mobility_client 2.4.0202

cisco anyconnect_secure_mobility_client 2.5_base

cisco anyconnect_secure_mobility_client 2.5.2014

cisco anyconnect_secure_mobility_client 2.5.2018

cisco anyconnect_secure_mobility_client 3.0.0

cisco anyconnect_secure_mobility_client 3.0.1047

cisco anyconnect_secure_mobility_client 3.0.09231

cisco anyconnect_secure_mobility_client 3.0.09353

cisco anyconnect_secure_mobility_client 3.1.06073

cisco anyconnect_secure_mobility_client 3.1\\(60\\)

cisco anyconnect_secure_mobility_client 4.1.0

cisco anyconnect_secure_mobility_client 2.2.0140

cisco anyconnect_secure_mobility_client 2.3.0185

cisco anyconnect_secure_mobility_client 2.3.0254

cisco anyconnect_secure_mobility_client 2.3.1003

cisco anyconnect_secure_mobility_client 2.5.3041

cisco anyconnect_secure_mobility_client 2.5.3046

cisco anyconnect_secure_mobility_client 2.5.3051

cisco anyconnect_secure_mobility_client 2.5.3054

cisco anyconnect_secure_mobility_client 2.5.3055

cisco anyconnect_secure_mobility_client 3.1.0

cisco anyconnect_secure_mobility_client 3.1.02043

cisco anyconnect_secure_mobility_client 3.1.05182

cisco anyconnect_secure_mobility_client 3.1.05187

Exploits

Exploit DB: Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation
Source: codegooglecom/p/google-security-research/issues/detail?id=460 Cisco AnyConnect Secure Mobility Client v3108009 Elevation of Privilege Platform: Windows 81 Update, Client version 3108009 (tested on 32 bit only) Class: Elevation of Privilege Summary: The fix for CVE-2015-4211 is insufficient which allows a local application t ...

Github Repositories

https://github.com/goichot/CVE-2020-3153

Cisco AnyConnect < 4.8.02042 privilege escalation through path traversal

CVE-2020-3153 Cisco AnyConnect &lt; 4802042 privilege escalation through path traversal Description The auto-update feature of Cisco AnyConnect is affected by a path traversal vulnerability An attacker can exploit this vulnerability to gain system level privileges For more details, please refer to: the original advisory SSD Advisory my notes Exploit This exploit uses

References

CWE-426http://tools.cisco.com/security/center/viewAlert.x?alertId=41136https://code.google.com/p/google-security-research/issues/detail?id=460http://packetstormsecurity.com/files/133876/Cisco-AnyConnect-Secure-Mobility-Client-3.1.08009-Privilege-Elevation.htmlhttps://www.exploit-db.com/exploits/38289/http://www.securitytracker.com/id/1033643http://seclists.org/fulldisclosure/2015/Sep/80https://nvd.nist.govhttps://github.com/goichot/CVE-2020-3153https://www.exploit-db.com/exploits/38289/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook