Vulnslist


Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability

Cisco-SA-20150728-CVE-2015-4290 · Medium · Published · Updated

A vulnerability in the kernel extension for Mac OS X of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient bounds checking. An attacker could exploit this vulnerability by crafting a piece of contiguous data in memory that is read by the client software. An exploit could allow the attacker to cause an OS X kernel panic. Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker must authenticate and have local access to the targeted device. These access requirements may reduce the likelihood of a successful exploit.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to access local systems.

Administrators are advised to allow only privileged users to access administration or management systems.

Administrators are advised to monitor affected systems.

CVEs: CVE-2015-4290
Cisco Bug IDs: CSCut12255
CVSS Score: Base 4.6
Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
Product Names From Source
Cisco AnyConnect Secure Mobility Client, Cisco Secure Client

Related Products

Product | CVE | Evidence
Cisco Secure Client | CVE-2015-4290 | Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client | CVE-2015-4290 | Cisco OpenVuln