CVE-2015-0665 — Path Traversal in Cisco Anyconnect Secure Mobility Client

CWE-22 — Path Traversal4 documents4 sources

Severity

6.6MEDIUMNVD

EPSS

0.1%

top 77.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedMar 17

Latest updateMay 17

Description

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.

CVSS vector

AV:L/AC:L/C:N/I:C/A:CExploitability: 3.9 | Impact: 9.2

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client4.0\(.00051\)

🔴Vulnerability Details

GHSA

GHSA-97h6-h2xq-qh36: The Hostscan module in Cisco AnyConnect Secure Mobility Client 4↗2022-05-17

▶

CVEList

CVE-2015-0665: The Hostscan module in Cisco AnyConnect Secure Mobility Client 4↗2015-03-17

▶

📋Vendor Advisories

Cisco

Cisco AnyConnect Secure Mobility Client Hostscan Path Traversal Vulnerability↗2015-03-14

▶