CVE-2015-6322

Public PoC / Exploit

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.

Weaknesses (CWE)

CWE-264

Affected Products (52)

cisco · anyconnect_secure_mobility_clientvulnerable

cisco · anyconnect_secure_mobility_client

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc

Vendor Advisory

http://www.securitytracker.com/id/1033785

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc

Vendor Advisory

http://www.securitytracker.com/id/1033785

Third Party AdvisoryVDB Entry