CVE-2015-0755 — Improper Access Control in Cisco Anyconnect Secure Mobility Client

CWE-284 — Improper Access Control CWE-2645 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 82.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedMay 29

Latest updateMay 17

Description

The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.1 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client4.0\(64\)

🔴Vulnerability Details

GHSA

GHSA-cpj2-rr99-jx3f: The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4↗2022-05-17

▶

CVEList

CVE-2015-0755: The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4↗2015-05-29

▶

📋Vendor Advisories

Cisco

Cisco Identity Services Engine Privilege Escalation Vulnerability↗2015-05-27

▶