3 matches found
Cisco AnyConnect Secure Mobility Client 3.x < 3.1.11004.0 / 4.x < 4.1.6020.0 Privilege Escalation
The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 3.x prior to 3.1.11004.0 or 4.x prior to 4.1.6020.0. It is, therefore, affected by an untrusted search path flaw in the CMainThread::launchDownloader method due to a failure to check the path to the downloader...
CVE-2015-6305
CVE-2015-6305 affects Cisco AnyConnect Secure Mobility Client for Windows (versions 2.0–4.1). The issue arises from untrusted search path handling in vpndownloader.exe’s CMainThread::launchDownloader, enabling a local attacker with valid credentials to plant a malicious DLL in the current working...
CVE-2015-4211
Cisco AnyConnect Secure Mobility Client on Windows has a local privilege escalation via path validation failure in the vpndownloader launcher (CMainThread::launchDownloader). A crafted DLL load path (DLL planting) and the downloader’s location bypass the intended checks, enabling a local user to ...