Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write

medium Nessus Plugin ID 85541

Synopsis

The remote host is affected by an arbitrary file write vulnerability.

Description

The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0.
It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by convincing a user to connect to a malicious head-end system, to traverse outside a restricted path and thus write or overwrite arbitrary files in the active user's context.

Solution

Upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.10010.0 / 4.1.4011.0 or later.

See Also

https://tools.cisco.com/security/center/viewAlert.x?alertId=40175

Plugin Details

Severity: Medium

ID: 85541

File Name: cisco_anyconnect_4_1_4011.nasl

Version: 1.5

Type: local

Agent: windows

Family: Windows

Published: 8/19/2015

Updated: 11/22/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2015-4289

Vulnerability Information

CPE: cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: SMB/Registry/Enumerated, installed_sw/Cisco AnyConnect Secure Mobility Client

Exploit Ease: No known exploits are available

Patch Publication Date: 7/30/2015

Vulnerability Publication Date: 7/30/2015

Reference Information

CVE: CVE-2015-4289

BID: 76125

CISCO-BUG-ID: CSCut93920