Cisco AnyConnect Secure Mobility Client 4.1(8) install-dmg.sh DMG File Installation Embedded PKG File Handling Local Privilege Escalation

High Log Correlation Engine Plugin ID 801960

Synopsis

Cisco AnyConnect Secure Mobility Client 4.1(8) contains a vulnerability that could allow an authenticated, local attacker to elevate privileges on a targeted account.

Description

A vulnerability in the code responsible for the self-updating feature of Cisco AnyConnect Secure Mobility Client for Linux and the Cisco AnyConnect Secure Mobility Client for Mac OS X could allow an authenticated, local attacker to execute an arbitrary executable file of its choosing with privileges equivalent to the Linux or Mac OS X root account.

The vulnerability is due to lack of checks in the code for the path and filename of the file being installed. An attacker could exploit this vulnerability by invoking this functionality with a crafted installation file. A successful exploit could allow the attacker to execute commands on the underlying Linux or Mac OS X host with privileges equivalent to the root account.

Solution

It has been reported that this issue has been fixed, although Cisco has not published any details. They have advised users seeking fixes to contact the normal support channels to do so.

See Also

http://www.cisco.com/

https://tools.cisco.com/bugsearch/bug/CSCuv11947

http://tools.cisco.com/security/center/viewAlert.x?alertId=41135

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150923-CVE-2015-6306

http://seclists.org/fulldisclosure/2015/Sep/107

https://www.securify.nl/advisory/SFY20150701/cisco_anyconnect_elevation_of_privileges_via_dmg_install_script.html

https://packetstormsecurity.com/files/133685/Cisco-AnyConnect-DMG-Install-Script-Privilege-Escalation.html

Plugin Details

Severity: High

ID: 801960

File Name: 801960.prm

Family: Generic

Published: 2016/02/10

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2015/09/30

Vulnerability Publication Date: 2015/09/23

Reference Information

CVE: CVE-2015-6306