nessus | This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. | CISCO_ANYCONNECT_4_2_1025.NASL
HistoryJan 13, 2016 - 12:00 a.m.

Cisco AnyConnect Secure Mobility Client 2.x < 3.1.13015.0 / 4.x < 4.2.1035.0 Arbitrary File Manipulation

2016-01-13 00:00:00
This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
www.tenable.com

CVSS2

6.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:C/A:C

EPSS

0

Percentile

5.1%

The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 2.x or 3.x prior to 3.1.13015.0 or 4.x prior to 4.2.1035.0. It is, therefore, affected by an arbitrary file manipulation vulnerability due to missing source path validation in interprocess communication (IPC) commands. A local attacker can exploit this, via crafted IPC messages, to move arbitrary files with elevated privileges, resulting in a loss of integrity and a denial of service condition.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin metadata. When the script is loaded with `description` set, this
# branch registers identifiers, cross-references, risk attributes and run
# prerequisites, then exits before any of the check logic below it.
if (description)
{
  # Plugin identity and revision bookkeeping.
  script_id(87894);
  script_version("1.4");
  script_cvs_date("Date: 2018/11/15 20:50:26");

  # Cross-references used to correlate this finding with other sources:
  # CVE, Bugtraq ID, Cisco bug ID and Cisco security advisory ID.
  script_cve_id("CVE-2015-6322");
  script_bugtraq_id(77055);
  script_xref(name:"CISCO-BUG-ID", value:"CSCuv48563");
  script_xref(name:"CISCO-SA", value: "cisco-sa-20151008-asmc");

  # NOTE(review): the name lists "2.x < 3.1.13015.0", while the description
  # text below covers 2.x and 3.x prior to 3.1.13015.0.
  script_name(english:"Cisco AnyConnect Secure Mobility Client 2.x < 3.1.13015.0 / 4.x < 4.2.1035.0 Arbitrary File Manipulation");
  script_summary(english:"Checks the version of the Cisco AnyConnect client.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by an arbitrary file manipulation
vulnerability.");
  script_set_attribute(attribute:"description", value:
"The Cisco AnyConnect Secure Mobility Client installed on the remote
host is version 2.x or 3.x prior to 3.1.13015.0 or 4.x prior to
4.2.1035.0. It is, therefore, affected by an arbitrary file
manipulation vulnerability due to missing source path validation in
interprocess communication (IPC) commands. A local attacker can
exploit this, via crafted IPC messages, to move arbitrary files with
elevated privileges, resulting in a loss of integrity and a denial of
service condition.");
  # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2c5b4b2e");
  script_set_attribute(attribute:"see_also", value:"https://tools.cisco.com/bugsearch/bug/CSCuv48563");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Cisco AnyConnect Secure Mobility Client version
3.1.13015.0 / 4.2.1035.0 or later.");
  # CVSS v2 base vector: local access, low complexity, no authentication,
  # no confidentiality impact, complete integrity and availability impact.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C");
  # CVSS v2 temporal vector: exploitability unproven, official fix available,
  # report confirmed. The two attributes that follow record the same
  # "no known exploit" status in plain text.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Timeline: disclosure, vendor fix, and publication of this plugin.
  script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/12/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/13");

  # NOTE(review): "local" presumably marks a check that relies on data
  # collected from the host itself (see the registry key required below)
  # rather than on a network probe - confirm against the plugin_type docs.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:anyconnect_secure_mobility_client");
  script_end_attributes();

  # Information-gathering category, filed under the Windows family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  # Run prerequisites: the AnyConnect install-detection plugin, plus KB keys
  # showing that the client was found and that the registry was enumerated.
  script_dependencies("cisco_anyconnect_vpn_installed.nasl");
  script_require_keys("installed_sw/Cisco AnyConnect Secure Mobility Client", "SMB/Registry/Enumerated");

  # Metadata only: leave before the check logic.
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

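# Detection logic. The verdict is a pure version comparison on the recorded
# AnyConnect install: no IPC message is sent and no file is touched. A wrong
# or stale version in the install record therefore yields a wrong verdict.

# Stop early unless registry enumeration succeeded on the target.
get_kb_item_or_exit("SMB/Registry/Enumerated");

app_name = "Cisco AnyConnect Secure Mobility Client";

# exit_if_unknown_ver:TRUE - an install whose version could not be read gets
# no verdict instead of being guessed at.
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
path = install['path'];
ver  = install['version'];

# Select the fixed release for the installed branch:
#   4.x         -> 4.2.1035.0
#   2.x and 3.x -> 3.1.13015.0
# Any other major version, or a version at or above its branch fix, leaves
# fix NULL and is audited as not vulnerable below.
if (ver =~ "^4\." && (ver_compare(ver:ver, fix:'4.2.1035.0', strict:FALSE) < 0))
  fix = '4.2.1035.0';
else if (ver =~ "^[2-3]\." && ver_compare(ver:ver, fix:'3.1.13015.0', strict:FALSE) < 0)
  fix = '3.1.13015.0';
else
  fix = NULL;

if (!isnull(fix))
{
  # Report against the SMB transport port recorded in the KB, defaulting to 445.
  port = get_kb_item('SMB/transport');
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    # Assign rather than append: report is not set earlier in this file, so
    # "+=" would read an uninitialized variable.
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + ver +
      '\n  Fixed version     : ' + fix +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, ver, path);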
