CVE-2015-6305
Last modified
CVE-2015-6305 is a vulnerability of currently unknown severity. Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.. EPSS estimates a 1.20% chance of exploitation in the next 30 days.
Description
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Anyconnect Secure Mobility Client | 2.0.0343 |
| Cisco | Anyconnect Secure Mobility Client | 2.1.0.148 |
| Cisco | Anyconnect Secure Mobility Client | 2.2.0133 |
| Cisco | Anyconnect Secure Mobility Client | 2.2.0136 |
| Cisco | Anyconnect Secure Mobility Client | 2.2.0140 |
| Cisco | Anyconnect Secure Mobility Client | 2.3.0185 |
| Cisco | Anyconnect Secure Mobility Client | 2.3.0254 |
| Cisco | Anyconnect Secure Mobility Client | 2.3.1003 |
| Cisco | Anyconnect Secure Mobility Client | 2.3.2016 |
| Cisco | Anyconnect Secure Mobility Client | 2.4.0202 |
| Cisco | Anyconnect Secure Mobility Client | 2.4.1012 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.0217 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.2006 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.2010 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.2011 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.2014 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.2017 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.2018 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.2019 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.3041 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.3046 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.3051 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.3054 |
| Cisco | Anyconnect Secure Mobility Client | 2.5.3055 |
| Cisco | Anyconnect Secure Mobility Client | 2.5_base |
| Cisco | Anyconnect Secure Mobility Client | 3.0.0 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.0629 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.1047 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.2052 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.3050 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.3054 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.4235 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.5075 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.5080 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.09231 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.09266 |
| Cisco | Anyconnect Secure Mobility Client | 3.0.09353 |
| Cisco | Anyconnect Secure Mobility Client | 3.1\(60\) |
| Cisco | Anyconnect Secure Mobility Client | 3.1.0 |
| Cisco | Anyconnect Secure Mobility Client | 3.1.02043 |
| Cisco | Anyconnect Secure Mobility Client | 3.1.05182 |
| Cisco | Anyconnect Secure Mobility Client | 3.1.05187 |
| Cisco | Anyconnect Secure Mobility Client | 3.1.06073 |
| Cisco | Anyconnect Secure Mobility Client | 3.1.07021 |
| Cisco | Anyconnect Secure Mobility Client | 4.0\(48\) |
| Cisco | Anyconnect Secure Mobility Client | 4.0\(64\) |
| Cisco | Anyconnect Secure Mobility Client | 4.0\(2049\) |
| Cisco | Anyconnect Secure Mobility Client | 4.0.0 |
| Cisco | Anyconnect Secure Mobility Client | 4.0.00048 |
| Cisco | Anyconnect Secure Mobility Client | 4.0.00051 |
Showing 50 of 51 affected configurations. See NVD for the full list.
References
- http://packetstormsecurity.com/files/133876/Cisco-AnyConnect-Secure-Mobility-Client-3.1.08009-Privilege-Elevation.htmlThird Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2015/Sep/80Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033643Third Party Advisory, VDB Entry
- https://code.google.com/p/google-security-research/issues/detail?id=460Exploit, Vendor Advisory
- https://www.exploit-db.com/exploits/38289/Exploit, Third Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/133876/Cisco-AnyConnect-Secure-Mobility-Client-3.1.08009-Privilege-Elevation.htmlThird Party Advisory, VDB Entry
- http://seclists.org/fulldisclosure/2015/Sep/80Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1033643Third Party Advisory, VDB Entry
- https://code.google.com/p/google-security-research/issues/detail?id=460Exploit, Vendor Advisory
- https://www.exploit-db.com/exploits/38289/Exploit, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-6305?
How severe is CVE-2015-6305?
How do I fix CVE-2015-6305?
Are you affected by CVE-2015-6305?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST