Detections
Analytics
Cisco AnyConnect Secure Mobility Client 4.1(8) install-dmg.sh DMG File Installation Embedded PKG File Handling Local Privilege Escalation
high Log Correlation Engine Plugin ID 801960
Synopsis
Cisco AnyConnect Secure Mobility Client 4.1(8) contains a vulnerability that could allow an authenticated, local attacker to elevate privileges on a targeted account.Description
A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with privileges equivalent to the Linux or Mac OS X root account.The vulnerability is due to lack of checks in the code for the path and filename of the file being installed. An attacker could exploit this vulnerability by invoking this functionality with a crafted installation file. A successful exploit could allow the attacker to execute commands on the underlying Linux or Mac OS X host with privileges equivalent to the root account.
Solution
It has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.See Also
https://tools.cisco.com/bugsearch/bug/CSCuv11947
http://tools.cisco.com/security/center/viewAlert.x?alertId=41135
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150923-CVE-2015-6306
Plugin Details
Severity: High
ID: 801960
Family: Generic
Published: 2/10/2016
Risk Information
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
Patch Publication Date: 9/30/2015
Vulnerability Publication Date: 9/23/2015
Reference Information
CVE: CVE-2015-6306