Cisco AnyConnect Secure Mobility Client < 3.1.8009.0 / 4.0.x < 4.0.2052.0 / 4.1.x < 220.127.116.11 Multiple Vulnerabilities
Medium Nessus Plugin ID 85266
SynopsisThe remote host is affected by multiple vulnerabilities.
DescriptionThe Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.8009.0, or is version 4.0.x prior to 4.0.2052.0, or version 4.1.x prior to 18.104.22.168. It is, therefore, affected by the following vulnerabilities :
- A flaw exists due to not sanitizing the input of IPC commands. A local attacker, using a specially crafted IPC command, can exploit this to write to arbitrary user space memory and execute code with escalated privileges.
- A path traversal flaw exists due to the Hostscan module not properly sanitizing user input in certain IPC commands. A local, authenticated attacker, using a specially crafted IPC command, can exploit this to traverse outside restricted paths and write or overwrite arbitrary files. (CVE-2015-0665)
SolutionUpgrade to Cisco AnyConnect Secure Mobility Client version 3.1.8009.0 / 4.0.2052.0 / 22.214.171.124 or later