CVE-2015-4290 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Anyconnect Secure Mobility Client

CWE-119 β€” Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
4.9MEDIUMNVD
EPSS
0.1%
top 75.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Anyconnect Secure Mobility Client
Timeline
PublishedJul 29
Latest updateMay 17

Description

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-2m5q-52fx-w72m: The kernel extension in Cisco AnyConnect Secure Mobility Client 4β†—2022-05-17
β–Ά
CVEList
CVE-2015-4290: The kernel extension in Cisco AnyConnect Secure Mobility Client 4β†—2015-07-29
β–Ά

πŸ“‹Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client Local Denial of Service Vulnerability↗2015-07-28
β–Ά
CVE-2015-4290 β€” Cisco vulnerability | cvebase