CVE-2015-6322

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
ciscoanyconnect_secure_mobility_client
2.0.0343
ciscoanyconnect_secure_mobility_client
2.1.0148
ciscoanyconnect_secure_mobility_client
2.2.0133
ciscoanyconnect_secure_mobility_client
2.2.0136
ciscoanyconnect_secure_mobility_client
2.2.0140
ciscoanyconnect_secure_mobility_client
2.3.0185
ciscoanyconnect_secure_mobility_client
2.3.0254
ciscoanyconnect_secure_mobility_client
2.3.1003
ciscoanyconnect_secure_mobility_client
2.3.2016
ciscoanyconnect_secure_mobility_client
2.4.0202
ciscoanyconnect_secure_mobility_client
2.4.1012
ciscoanyconnect_secure_mobility_client
2.5.0217
ciscoanyconnect_secure_mobility_client
2.5.2006
ciscoanyconnect_secure_mobility_client
2.5.2010
ciscoanyconnect_secure_mobility_client
2.5.2011
ciscoanyconnect_secure_mobility_client
2.5.2014
ciscoanyconnect_secure_mobility_client
2.5.2017
ciscoanyconnect_secure_mobility_client
2.5.2018
ciscoanyconnect_secure_mobility_client
2.5.2019
ciscoanyconnect_secure_mobility_client
2.5.3041
ciscoanyconnect_secure_mobility_client
2.5.3046
ciscoanyconnect_secure_mobility_client
2.5.3051
ciscoanyconnect_secure_mobility_client
2.5.3054
ciscoanyconnect_secure_mobility_client
2.5.3055
ciscoanyconnect_secure_mobility_client
2.5_base:_base
ciscoanyconnect_secure_mobility_client
3.0.0
ciscoanyconnect_secure_mobility_client
3.0.0629
ciscoanyconnect_secure_mobility_client
3.0.1047
ciscoanyconnect_secure_mobility_client
3.0.2052
ciscoanyconnect_secure_mobility_client
3.0.3050
ciscoanyconnect_secure_mobility_client
3.0.3054
ciscoanyconnect_secure_mobility_client
3.0.4235
ciscoanyconnect_secure_mobility_client
3.0.5075
ciscoanyconnect_secure_mobility_client
3.0.5080
ciscoanyconnect_secure_mobility_client
3.0.09231
ciscoanyconnect_secure_mobility_client
3.0.09266
ciscoanyconnect_secure_mobility_client
3.0.09353
ciscoanyconnect_secure_mobility_client
3.1\(60\)
ciscoanyconnect_secure_mobility_client
3.1.0
ciscoanyconnect_secure_mobility_client
3.1.02043
ciscoanyconnect_secure_mobility_client
3.1.05182
ciscoanyconnect_secure_mobility_client
3.1.05187
ciscoanyconnect_secure_mobility_client
3.1.06073
ciscoanyconnect_secure_mobility_client
3.1.07021
ciscoanyconnect_secure_mobility_client
4.0\(48\)
ciscoanyconnect_secure_mobility_client
4.0\(64\)
ciscoanyconnect_secure_mobility_client
4.0\(2049\)
ciscoanyconnect_secure_mobility_client
4.0.0
ciscoanyconnect_secure_mobility_client
4.0.00048
ciscoanyconnect_secure_mobility_client
4.0.00051
ciscoanyconnect_secure_mobility_client
4.1\(8\)
ciscoanyconnect_secure_mobility_client
4.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc
http://www.securitytracker.com/id/1033785
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmc
http://www.securitytracker.com/id/1033785