What is CVE-2015-6305?

CVE-2015-6305 is a vulnerability in Cisco Anyconnect_secure_mobility_client, classified under Untrusted Search Path. Published 2015-09-26.

Is CVE-2015-6305 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Anyconnect_secure_mobility_client

CVE-2015-6305

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in th…

EPSS: 0.026 (86.0th percentile) — read the EPSS interpretation.

Affected products

Cisco Anyconnect_secure_mobility_client — versions 2.0.0343, 2.1.0.148, 2.2.0133
Microsoft Windows
N/a — versions n/a

Weakness classification (CWE)

CWE-426 — Untrusted Search Path

Public proof-of-concept exploits

References

1033643 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
38289 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
20150922 Cisco AnyConnect elevation of privileges via DLL side loading (mailing-list, x_refsource_FULLDISC, Third Party Advisory, VDB Entry)
20150922 Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
psirt@cisco.com (Exploit, x_refsource_MISC, Vendor Advisory)
psirt@cisco.com (VDB Entry, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2015-6305?: CVE-2015-6305 is a vulnerability in Cisco Anyconnect_secure_mobility_client, classified under Untrusted Search Path. Published 2015-09-26.
Is CVE-2015-6305 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.