Kaspersky LabKLA10482KLA10482 Multiple vulnerabilities in Cisco AnyConnect SMC
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.9%
Multiple serious vulnerabilities have been found in Cisco AnyConnect Secure Mobility Client. Malicious users can exploit these vulnerabilities to gain privileges or write arbitrary files.
Below is a complete list of vulnerabilities
- An unknown vulnerability can be exploited locally via a specially deigned IPC messages;
- Improper access control implementation and other unknown vulnerability can be exploited locally via a specially designed messages.
Original advisories
Related products
Cisco-AnyConnect-Secure-Mobility-Client
CVE list
CVE-2015-0663 high
CVE-2015-0662 high
CVE-2015-0665 high
CVE-2015-0664 warning
Solution
Update to latest version!
Get AnyConnect Secure Mobility Client
Impacts
- WLF
Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.
- PE
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
Affected Products
- Cisco AnyConnect Secure Mobility Client versions earlier than 4.0.00061
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.9%