Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write

Medium Nessus Plugin ID 85541


The remote host is affected by an arbitrary file write vulnerability.


The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0.
It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by convincing a user to connect to a malicious head-end system, to traverse outside a restricted path and thus write or overwrite arbitrary files in the active user's context.


Upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.10010.0 / 4.1.4011.0 or later.

See Also

Plugin Details

Severity: Medium

ID: 85541

File Name: cisco_anyconnect_4_1_4011.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2015/08/19

Modified: 2017/04/27

Dependencies: 54953

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: installed_sw/Cisco AnyConnect Secure Mobility Client, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/07/30

Vulnerability Publication Date: 2015/07/30

Reference Information

CVE: CVE-2015-4289

BID: 76125

OSVDB: 125590