NVD

Id
27245  
Name
CVE-2015-6305  
Description
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2015-09-25  
Modified Date
2016-12-12  
Seq
2015-6305  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
143697 27245 CVE-2015-6305 http://packetstormsecurity.com/files/133876/Cisco-AnyConnect-Secure-Mobility-Client-3.1.08009-Privilege-Elevation.html  View
143698 27245 CVE-2015-6305 20150922 Cisco AnyConnect elevation of privileges via DLL side loading  View
143699 27245 CVE-2015-6305 20150922 Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability  View
143700 27245 CVE-2015-6305 1033643  View
143701 27245 CVE-2015-6305 https://code.google.com/p/google-security-research/issues/detail?id=460  View
143702 27245 CVE-2015-6305 38289  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9637 JVNDB-2015-004957 Windows 上で稼働する Cisco AnyConnect Secure Mobility Client の vpndownloader.exe における権限を取得される脆弱性 Windows 上で稼働する Cisco AnyConnect Secure Mobility Client の vpndownloader.exe の CMainThread::launchDownloader 関数には、検索パスに関する処理に不備があるため、権限を取得される脆弱性が存在します。 CVE-2015-6305 83530 CVE-2015-6305 27245 7.2 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-004957.html 2015-09-22 2015-09-30 View