Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-6305Untrusted Search Path in Cisco Anyconnect Secure Mobility Client

CWE-426Untrusted Search PathCWE-2645 documents5 sources
Severity
7.2HIGHNVD
EPSS
2.0%
top 16.46%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Cisco Anyconnect Secure Mobility Client
Timeline
PublishedSep 26
Latest updateMay 17

Description

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-78jc-x38p-j87v: Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader2022-05-17
CVEList
CVE-2015-6305: Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader2015-09-25

💥Exploits & PoCs

1
Exploit-DB
Cisco AnyConnect Secure Mobility Client 3.1.08009 - Local Privilege Escalation2015-09-22

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability2015-09-22
CVE-2015-6305 — Untrusted Search Path in Cisco | cvebase