Cisco AnyConnect Secure Mobility Client 3.1(60) Privilege Escalation Vulnerability

High Log Correlation Engine Plugin ID 801955

Synopsis

Cisco AnyConnect Secure Mobility Client for Windows contain a vulnerability that could allow an authenticated, local attacker to gain elevated privileges.

Description

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account.

The vulnerability is due to a lack of checks in the code for the path and filename of the file that is to be installed. An attacker could exploit this vulnerability by creating a specially modified INF file. An exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account.

Solution

It has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.

See Also

http://www.cisco.com/

https://tools.cisco.com/bugsearch/bug/CSCus65862

http://tools.cisco.com/security/center/viewAlert.x?alertId=39466

Plugin Details

Severity: High

ID: 801955

Family: Generic

Nessus ID: 84761

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2015/06/23

Vulnerability Publication Date: 2015/06/23

Reference Information

CVE: CVE-2015-2411

BID: 75631