CVE-2015-6322

Опубликовано: 12 окт. 2015

Источник: nvd

CVSS2: 6.6

EPSS Низкий

Описание

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc
Vendor Advisory
http://www.securitytracker.com/id/1033785
Third Party Advisory
VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc
Vendor Advisory
http://www.securitytracker.com/id/1033785
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0.0343:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1.0148:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0133:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0136:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.0140:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0185:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.0254:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.1003:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.1012:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.0217:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2006:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2010:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2011:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2014:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2017:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2018:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2019:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3041:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3046:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3051:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3054:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.3055:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5_base:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0629:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.1047:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.2052:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3050:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.3054:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.4235:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5075:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.5080:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09231:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09266:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.09353:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1\(60\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.02043:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05182:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.05187:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.06073:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.07021:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(48\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(64\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(2049\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00048:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0.00051:*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1\(8\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 26%

0.00093

Низкий

6.6 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-wgf2-prq4-m36f

github

больше 3 лет назад

BDU:2015-11714

fstec

больше 10 лет назад

Уязвимость средства криптографической защиты Cisco AnyConnect Secure Mobility Client, позволяющая нарушителю переместить произвольные файлы