CVE-2015-4211 — Cisco Anyconnect Secure Mobility Client vulnerability

CWE-2645 documents5 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 41.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedJun 24

Latest updateMay 17

Description

Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client3.1\(60\)

🔴Vulnerability Details

GHSA

GHSA-vjvj-gr2r-88wq: Cisco AnyConnect Secure Mobility Client 3↗2022-05-17

▶

CVEList

CVE-2015-4211: Cisco AnyConnect Secure Mobility Client 3↗2015-06-24

▶

💥Exploits & PoCs

Exploit-DB

Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation↗2015-09-22

▶

📋Vendor Advisories

Cisco

Cisco AnyConnect Client for Windows Privilege Escalation Vulnerability↗2015-06-23

▶