Improper input validation in Cisco Anyconnect_secure_mobility_client

CVE-2015-0664

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (22.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Anyconnect_secure_mobility_client
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

20150314 Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1031932 (vdb-entry, x_refsource_SECTRACK)