CVE-2015-0665 Cisco AnyConnect Secure Mobility Client Multiple Security Vulnerabilities

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

Cisco AnyConnect is a VPN Client for multiple platforms.

The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities:
– Insufficient path traversal protections in certain IPC commands, which could allow an attacker to write or overwrite arbitrary files on the filesystem.
– Missing input sanitization of certain IPC commands, which may allow an attacker to write to arbitrary user-space memory.

Affected Versions:
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier

Impact

Successful exploitation will allow an attacker to execute arbitrary code, disclose sensitive information and overwrite arbitrary files on the filesystem.

Solution

Cisco has confirmed the vulnerability; however, no patch is available as of now.

Workaround:
Administrators are advised to contact the vendor regarding future updates and releases.
