Vulnerability in Cisco Anyconnect_secure_mobility_client

CVE-2015-0761

Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug…

EPSS: 0.001 (30.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Anyconnect_secure_mobility_client — versions 4.0\(.00048\), 4.0\(.00051\)
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

74954 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
1032472 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
20150602 Cisco AnyConnect Secure Mobility Client Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)