CVE-2015-0664: Input Validation
First published: Wed Mar 18 2015(Updated: )
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AnyConnect Secure | <=4.0\(.00051\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0664?
CVE-2015-0664 is considered to have high severity due to its potential for local privilege escalation.
How do I fix CVE-2015-0664?
To fix CVE-2015-0664, upgrade to Cisco AnyConnect Secure Mobility Client version 4.0 or later than 4.0(.00051).
What types of systems are affected by CVE-2015-0664?
CVE-2015-0664 affects systems running Cisco AnyConnect Secure Mobility Client versions up to and including 4.0(.00051).
What kind of attack does CVE-2015-0664 facilitate?
CVE-2015-0664 can facilitate local privilege escalation attacks by allowing users to write to arbitrary userspace memory locations.
Is there a workaround for CVE-2015-0664 if I cannot update immediately?
There are no official workarounds for CVE-2015-0664; the only mitigation is to apply the vendor-supplied patch or upgrade.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco anyconnect secure
- version/cisco anyconnect secure/4.0\(.00051\)