CVE-2015-0663
First published: Tue Mar 17 2015(Updated: )
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AnyConnect Secure | <=4.0\(.00051\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0663?
CVE-2015-0663 is considered a high severity vulnerability allowing local users to write to arbitrary files.
How do I fix CVE-2015-0663?
To mitigate CVE-2015-0663, update the Cisco AnyConnect Secure Mobility Client to a version later than 4.0(00051).
Who is affected by CVE-2015-0663?
CVE-2015-0663 affects users of Cisco AnyConnect Secure Mobility Client version 4.0(00051) and earlier.
What type of vulnerability is CVE-2015-0663?
CVE-2015-0663 is an access control vulnerability related to improper handling of IPC messages.
Can CVE-2015-0663 be exploited remotely?
No, CVE-2015-0663 requires local access, as it allows exploitation through IPC messages from local users.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco anyconnect secure
- version/cisco anyconnect secure/4.0\(.00051\)