CVE-2015-4289 — Path Traversal in Cisco Anyconnect Secure Mobility Client

CWE-22 — Path Traversal CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.4MEDIUMNVD

EPSS

0.5%

top 32.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedAug 1

Latest updateMay 17

Description

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client4.0\(2049\)

🔴Vulnerability Details

GHSA

GHSA-h83x-38m4-m38j: Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4↗2022-05-17

▶

CVEList

CVE-2015-4289: Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4↗2015-08-01

▶

📋Vendor Advisories

Cisco

Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability↗2015-07-30

▶