CVE-2015-6322

Name: CVE-2015-6322
Creator: NVD / NIST
Published: 2015-10-12T10:59:10.32+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.38%

Last modified Jun 17, 2026

CVE-2015-6322 is a vulnerability of currently unknown severity. The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.

Metrics

EPSS Probability

0.38%

30.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Cisco	Anyconnect Secure Mobility Client	2.0.0343
Cisco	Anyconnect Secure Mobility Client	2.1.0148
Cisco	Anyconnect Secure Mobility Client	2.2.0133
Cisco	Anyconnect Secure Mobility Client	2.2.0136
Cisco	Anyconnect Secure Mobility Client	2.2.0140
Cisco	Anyconnect Secure Mobility Client	2.3.0185
Cisco	Anyconnect Secure Mobility Client	2.3.0254
Cisco	Anyconnect Secure Mobility Client	2.3.1003
Cisco	Anyconnect Secure Mobility Client	2.3.2016
Cisco	Anyconnect Secure Mobility Client	2.4.0202
Cisco	Anyconnect Secure Mobility Client	2.4.1012
Cisco	Anyconnect Secure Mobility Client	2.5.0217
Cisco	Anyconnect Secure Mobility Client	2.5.2006
Cisco	Anyconnect Secure Mobility Client	2.5.2010
Cisco	Anyconnect Secure Mobility Client	2.5.2011
Cisco	Anyconnect Secure Mobility Client	2.5.2014
Cisco	Anyconnect Secure Mobility Client	2.5.2017
Cisco	Anyconnect Secure Mobility Client	2.5.2018
Cisco	Anyconnect Secure Mobility Client	2.5.2019
Cisco	Anyconnect Secure Mobility Client	2.5.3041
Cisco	Anyconnect Secure Mobility Client	2.5.3046
Cisco	Anyconnect Secure Mobility Client	2.5.3051
Cisco	Anyconnect Secure Mobility Client	2.5.3054
Cisco	Anyconnect Secure Mobility Client	2.5.3055
Cisco	Anyconnect Secure Mobility Client	2.5_base
Cisco	Anyconnect Secure Mobility Client	3.0.0
Cisco	Anyconnect Secure Mobility Client	3.0.0629
Cisco	Anyconnect Secure Mobility Client	3.0.1047
Cisco	Anyconnect Secure Mobility Client	3.0.2052
Cisco	Anyconnect Secure Mobility Client	3.0.3050
Cisco	Anyconnect Secure Mobility Client	3.0.3054
Cisco	Anyconnect Secure Mobility Client	3.0.4235
Cisco	Anyconnect Secure Mobility Client	3.0.5075
Cisco	Anyconnect Secure Mobility Client	3.0.5080
Cisco	Anyconnect Secure Mobility Client	3.0.09231
Cisco	Anyconnect Secure Mobility Client	3.0.09266
Cisco	Anyconnect Secure Mobility Client	3.0.09353
Cisco	Anyconnect Secure Mobility Client	3.1\(60\)
Cisco	Anyconnect Secure Mobility Client	3.1.0
Cisco	Anyconnect Secure Mobility Client	3.1.02043
Cisco	Anyconnect Secure Mobility Client	3.1.05182
Cisco	Anyconnect Secure Mobility Client	3.1.05187
Cisco	Anyconnect Secure Mobility Client	3.1.06073
Cisco	Anyconnect Secure Mobility Client	3.1.07021
Cisco	Anyconnect Secure Mobility Client	4.0\(48\)
Cisco	Anyconnect Secure Mobility Client	4.0\(64\)
Cisco	Anyconnect Secure Mobility Client	4.0\(2049\)
Cisco	Anyconnect Secure Mobility Client	4.0.0
Cisco	Anyconnect Secure Mobility Client	4.0.00048
Cisco	Anyconnect Secure Mobility Client	4.0.00051

Showing 50 of 52 affected configurations. See NVD for the full list.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmcVendor Advisory
http://www.securitytracker.com/id/1033785Third Party Advisory, VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151008-asmcVendor Advisory
http://www.securitytracker.com/id/1033785Third Party Advisory, VDB Entry

Timeline

Published: Oct 12, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-6322?

How severe is CVE-2015-6322?

Severity scoring for CVE-2015-6322 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2015-6322?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-6322?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST