Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 up to and including 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco anyconnect_secure_mobility_client 2.1.0.148 |
||
cisco anyconnect_secure_mobility_client 2.2.0136 |
||
cisco anyconnect_secure_mobility_client 2.3.2016 |
||
cisco anyconnect_secure_mobility_client 2.4.1012 |
||
cisco anyconnect_secure_mobility_client 2.5.2017 |
||
cisco anyconnect_secure_mobility_client 2.5.2019 |
||
cisco anyconnect_secure_mobility_client 3.0.0629 |
||
cisco anyconnect_secure_mobility_client 3.0.2052 |
||
cisco anyconnect_secure_mobility_client 3.0.5080 |
||
cisco anyconnect_secure_mobility_client 3.0.09266 |
||
cisco anyconnect_secure_mobility_client 3.1.07021 |
||
cisco anyconnect_secure_mobility_client 4.0.0 |
||
cisco anyconnect_secure_mobility_client 2.5.0217 |
||
cisco anyconnect_secure_mobility_client 2.5.2006 |
||
cisco anyconnect_secure_mobility_client 2.5.2010 |
||
cisco anyconnect_secure_mobility_client 2.5.2011 |
||
cisco anyconnect_secure_mobility_client 3.0.3050 |
||
cisco anyconnect_secure_mobility_client 3.0.3054 |
||
cisco anyconnect_secure_mobility_client 3.0.4235 |
||
cisco anyconnect_secure_mobility_client 3.0.5075 |
||
cisco anyconnect_secure_mobility_client 4.0.00048 |
||
cisco anyconnect_secure_mobility_client 4.0.00051 |
||
cisco anyconnect_secure_mobility_client 4.0\\(64\\) |
||
cisco anyconnect_secure_mobility_client 4.0\\(48\\) |
||
cisco anyconnect_secure_mobility_client 4.0\\(2049\\) |
||
cisco anyconnect_secure_mobility_client 2.0.0343 |
||
cisco anyconnect_secure_mobility_client 2.2.0133 |
||
cisco anyconnect_secure_mobility_client 2.4.0202 |
||
cisco anyconnect_secure_mobility_client 2.5_base |
||
cisco anyconnect_secure_mobility_client 2.5.2014 |
||
cisco anyconnect_secure_mobility_client 2.5.2018 |
||
cisco anyconnect_secure_mobility_client 3.0.0 |
||
cisco anyconnect_secure_mobility_client 3.0.1047 |
||
cisco anyconnect_secure_mobility_client 3.0.09231 |
||
cisco anyconnect_secure_mobility_client 3.0.09353 |
||
cisco anyconnect_secure_mobility_client 3.1.06073 |
||
cisco anyconnect_secure_mobility_client 3.1\\(60\\) |
||
cisco anyconnect_secure_mobility_client 4.1.0 |
||
cisco anyconnect_secure_mobility_client 2.2.0140 |
||
cisco anyconnect_secure_mobility_client 2.3.0185 |
||
cisco anyconnect_secure_mobility_client 2.3.0254 |
||
cisco anyconnect_secure_mobility_client 2.3.1003 |
||
cisco anyconnect_secure_mobility_client 2.5.3041 |
||
cisco anyconnect_secure_mobility_client 2.5.3046 |
||
cisco anyconnect_secure_mobility_client 2.5.3051 |
||
cisco anyconnect_secure_mobility_client 2.5.3054 |
||
cisco anyconnect_secure_mobility_client 2.5.3055 |
||
cisco anyconnect_secure_mobility_client 3.1.0 |
||
cisco anyconnect_secure_mobility_client 3.1.02043 |
||
cisco anyconnect_secure_mobility_client 3.1.05182 |
||
cisco anyconnect_secure_mobility_client 3.1.05187 |