Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-6306 — Cisco Anyconnect Secure Mobility Client vulnerability

CWE-2645 documents5 sources

Severity

7.2HIGHNVD

EPSS

3.5%

top 12.30%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedSep 26

Latest updateMay 14

Description

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client4.1.\(8\)

Patches

Patch: www.securify.nl ↗Patch: www.securify.nl ↗

🔴Vulnerability Details

GHSA

GHSA-3rhg-qq6v-6gmc: Cisco AnyConnect Secure Mobility Client 4↗2022-05-14

▶

CVEList

CVE-2015-6306: Cisco AnyConnect Secure Mobility Client 4↗2015-09-25

▶

💥Exploits & PoCs

Exploit-DB

Cisco AnyConnect 3.1.08009 - Local Privilege Escalation (via DMG Install Script)↗2015-09-23

▶

📋Vendor Advisories

Cisco

Cisco AnyConnect Secure Mobility Client for Linux and Mac OS X Privilege Escalation Vulnerability↗2015-09-23

▶