Vulnerability in Cisco Anyconnect_secure_mobility_client

CVE-2015-0663

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.

EPSS: 0.001 (24.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Anyconnect_secure_mobility_client
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20150314 Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1031930 (vdb-entry, x_refsource_SECTRACK)