Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2015-6305

Disclosure Date: September 26, 2015
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • cisco

Products

  • anyconnect secure mobility client 2.0.0343,
  • anyconnect secure mobility client 2.1.0.148,
  • anyconnect secure mobility client 2.2.0133,
  • anyconnect secure mobility client 2.2.0136,
  • anyconnect secure mobility client 2.2.0140,
  • anyconnect secure mobility client 2.3.0185,
  • anyconnect secure mobility client 2.3.0254,
  • anyconnect secure mobility client 2.3.1003,
  • anyconnect secure mobility client 2.3.2016,
  • anyconnect secure mobility client 2.4.0202,
  • anyconnect secure mobility client 2.4.1012,
  • anyconnect secure mobility client 2.5 base,
  • anyconnect secure mobility client 2.5.0217,
  • anyconnect secure mobility client 2.5.2006,
  • anyconnect secure mobility client 2.5.2010,
  • anyconnect secure mobility client 2.5.2011,
  • anyconnect secure mobility client 2.5.2014,
  • anyconnect secure mobility client 2.5.2017,
  • anyconnect secure mobility client 2.5.2018,
  • anyconnect secure mobility client 2.5.2019,
  • anyconnect secure mobility client 2.5.3041,
  • anyconnect secure mobility client 2.5.3046,
  • anyconnect secure mobility client 2.5.3051,
  • anyconnect secure mobility client 2.5.3054,
  • anyconnect secure mobility client 2.5.3055,
  • anyconnect secure mobility client 3.0.0,
  • anyconnect secure mobility client 3.0.0629,
  • anyconnect secure mobility client 3.0.09231,
  • anyconnect secure mobility client 3.0.09266,
  • anyconnect secure mobility client 3.0.09353,
  • anyconnect secure mobility client 3.0.1047,
  • anyconnect secure mobility client 3.0.2052,
  • anyconnect secure mobility client 3.0.3050,
  • anyconnect secure mobility client 3.0.3054,
  • anyconnect secure mobility client 3.0.4235,
  • anyconnect secure mobility client 3.0.5075,
  • anyconnect secure mobility client 3.0.5080,
  • anyconnect secure mobility client 3.1(60),
  • anyconnect secure mobility client 3.1.0,
  • anyconnect secure mobility client 3.1.02043,
  • anyconnect secure mobility client 3.1.05182,
  • anyconnect secure mobility client 3.1.05187,
  • anyconnect secure mobility client 3.1.06073,
  • anyconnect secure mobility client 3.1.07021,
  • anyconnect secure mobility client 4.0(2049),
  • anyconnect secure mobility client 4.0(48),
  • anyconnect secure mobility client 4.0(64),
  • anyconnect secure mobility client 4.0.0,
  • anyconnect secure mobility client 4.0.00048,
  • anyconnect secure mobility client 4.0.00051,
  • anyconnect secure mobility client 4.1.0
Technical Analysis