Vulnslist

find the latest Cisco vulnerabilities

Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability

Cisco-SA-20150730-CVE-2015-4289 · Medium · Published · Updated

A vulnerability in the connection establishment process of Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to write or overwrite files in the active user's context. The vulnerability is due to insufficient input validation. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to connect to a malicious head-end system. The malicious head-end system could be used to pass back crafted configuration attributes, which the attacker could leverage to execute a directory traversal attack. A successful exploit could allow the attacker to write or overwrite any file in the active user's context. The location or file must be writable by the user running the AnyConnect client. Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker would need to convince a targeted user to connect to a malicious head-end system. The attacker may use misleading language and instructions or other social engineering techniques to trick users.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2015-4289
Cisco Bug IDsCSCut93920
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
Product Names From Source
Cisco AnyConnect Secure Mobility Client, Cisco Secure Client

Related Products

Product CVE Evidence
Cisco Secure Client CVE-2015-4289 Cisco OpenVuln
Cisco AnyConnect Secure Mobility Client CVE-2015-4289 Cisco OpenVuln