Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) IPC Channel Source-path Validation Failure Local File Location Manipulation

Medium

Synopsis

Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) IPC channel allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation

Description

A vulnerability in interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to move arbitrary files with elevated privileges.

The vulnerability is due to missing source path validation in certain IPC commands. An attacker could exploit this vulnerability by sending crafted IPC messages. An exploit could allow the attacker to move arbitrary files with elevated privileges, which could affect the integrity of the system and cause a denial of service condition.

Solution

We are not currently aware of a solution for this vulnerability.