Code injection

2016-08-2521:59:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

CPENameOperatorVersion
anyconnect_secure_mobility_clienteq4.0.00051
anyconnect_secure_mobility_clienteq2.5.0-base
anyconnect_secure_mobility_clienteq2.5.3046
anyconnect_secure_mobility_clienteq2.5.3041
anyconnect_secure_mobility_clienteq2.5.2017
anyconnect_secure_mobility_clienteq4.3.01095
anyconnect_secure_mobility_clienteq3.1.05182
anyconnect_secure_mobility_clienteq3.0.09231
anyconnect_secure_mobility_clienteq2.2.0136
anyconnect_secure_mobility_clienteq3.0.5080

Name	Operator	Version
anyconnect_secure_mobility_client	eq	4.0.00051
anyconnect_secure_mobility_client	eq	2.5.0-base
anyconnect_secure_mobility_client	eq	2.5.3046
anyconnect_secure_mobility_client	eq	2.5.3041
anyconnect_secure_mobility_client	eq	2.5.2017
anyconnect_secure_mobility_client	eq	4.3.01095
anyconnect_secure_mobility_client	eq	3.1.05182
anyconnect_secure_mobility_client	eq	3.0.09231
anyconnect_secure_mobility_client	eq	2.2.0136
anyconnect_secure_mobility_client	eq	3.0.5080