Path Traversal in Cisco Anyconnect_secure_mobility_client

CVE-2015-4289

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.005 (67.5th percentile) — read the EPSS interpretation.

Affected products

Cisco Anyconnect_secure_mobility_client — versions 4.0\(2049\)
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

20150730 Cisco AnyConnect Secure Mobilty Client Directory Traversal Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1033173 (vdb-entry, x_refsource_SECTRACK)