CVE-2015-6322

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-6322
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.

6.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc Vendor Advisory
http://www.securitytracker.com/id/1033785 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0.0343:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1.0148:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0133:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0136:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0140:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0185:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0254:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.1003:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.1012:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.0217:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2006:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2010:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2011:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2014:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2017:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2018:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2019:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3041:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3046:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3051:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3054:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3055:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5_base:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0629:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.1047:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.2052:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3050:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3054:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.4235:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5075:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5080:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09231:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09266:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09353:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1\(60\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.02043:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05182:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05187:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.06073:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.07021:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(48\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(64\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(2049\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00048:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00051:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1\(8\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-10-12 10:59

Updated : 2016-12-12 19:40

NVD link : CVE-2015-6322

Mitre link : CVE-2015-6322

CVE.ORG link : CVE-2015-6322

JSON object : View

Products Affected

cisco

  • anyconnect_secure_mobility_client
CWE
CWE-264

Permissions, Privileges, and Access Controls