Cisco AnyConnect Secure Mobility Client 4.0(2049) Unspecified Path Traversal Arbitrary File Manipulation

Medium Log Correlation Engine Plugin ID 801958

Synopsis

Cisco AnyConnect Secure Mobilty Client contains a vulnerability that could allow an unauthenticated, remote attacker to conduct directory traversal attacks.

Description

A vulnerability in the connection establishment process of Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, remote attacker to write or overwrite files in the active user's context.

The vulnerability is due to insufficient input validation. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to connect to a malicious head-end system. The malicious head-end system could be used to pass back crafted configuration attributes, which the attacker could leverage to execute a directory traversal attack. A successful exploit could allow the attacker to write or overwrite any file in the active user's context. The location or file must be writable by the user running the AnyConnect client.

Solution

It has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.

See Also

http://www.cisco.com/

https://tools.cisco.com/bugsearch/bug/CSCut93920

http://tools.cisco.com/security/center/viewAlert.x?alertId=40175

Plugin Details

Severity: Medium

ID: 801958

Family: Generic

Nessus ID: 85541, 85542

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2015/07/30

Vulnerability Publication Date: 2015/07/30

Reference Information

CVE: CVE-2015-4289

BID: 76125