SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco AnyConnect Secure Mobility Client Vendors:   Cisco
Cisco AnyConnect Secure Mobility Client Lets Local Users Write Arbitrary Files
SecurityTracker Alert ID:  1031930
SecurityTracker URL:  http://securitytracker.com/id/1031930
CVE Reference:   CVE-2015-0663   (Links to External Site)
Date:  Mar 17 2015
Impact:   Modification of system information, Modification of user information
Vendor Confirmed:  Yes  
Version(s): 4.0(.00051) and prior
Description:   A vulnerability was reported in Cisco AnyConnect Secure Mobility Client. A local user can write arbitrary files on the target system.

A local user can send specially crafted inter-process communication (IPC) messages to write files to arbitrary locations on the target filesystem or overwrite arbitrary files on the target system.

The vendor has assigned bug ID CSCus79392 to this vulnerability.

Impact:   A local user can write arbitrary files on the target system.
Solution:   No solution was available at the time of this entry.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/viewAlert.x?alertId=37863

Vendor URL:  tools.cisco.com/security/center/viewAlert.x?alertId=37863 (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC