Path Traversal in Cisco Anyconnect_secure_mobility_client

CVE-2015-0665

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.001 (22.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Anyconnect_secure_mobility_client
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

20150314 Cisco AnyConnect Secure Mobility Client Hostscan Path Traversal Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1031931 (vdb-entry, x_refsource_SECTRACK)