Vulnerability in Cisco Anyconnect_secure_mobility_client

CVE-2015-4211

Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.

EPSS: 0.004 (59.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Anyconnect_secure_mobility_client — versions 3.1\(60\)
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20150623 Cisco AnyConnect Client for Windows Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032704 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
75373 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)