CVE-2015-6305
First published: Fri Sep 25 2015(Updated: )
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AnyConnect Secure | =2.0.0343 | |
| Cisco AnyConnect Secure | =2.1.0.148 | |
| Cisco AnyConnect Secure | =2.2.0133 | |
| Cisco AnyConnect Secure | =2.2.0136 | |
| Cisco AnyConnect Secure | =2.2.0140 | |
| Cisco AnyConnect Secure | =2.3.0185 | |
| Cisco AnyConnect Secure | =2.3.0254 | |
| Cisco AnyConnect Secure | =2.3.1003 | |
| Cisco AnyConnect Secure | =2.3.2016 | |
| Cisco AnyConnect Secure | =2.4.0202 | |
| Cisco AnyConnect Secure | =2.4.1012 | |
| Cisco AnyConnect Secure | =2.5.0217 | |
| Cisco AnyConnect Secure | =2.5.2006 | |
| Cisco AnyConnect Secure | =2.5.2010 | |
| Cisco AnyConnect Secure | =2.5.2011 | |
| Cisco AnyConnect Secure | =2.5.2014 | |
| Cisco AnyConnect Secure | =2.5.2017 | |
| Cisco AnyConnect Secure | =2.5.2018 | |
| Cisco AnyConnect Secure | =2.5.2019 | |
| Cisco AnyConnect Secure | =2.5.3041 | |
| Cisco AnyConnect Secure | =2.5.3046 | |
| Cisco AnyConnect Secure | =2.5.3051 | |
| Cisco AnyConnect Secure | =2.5.3054 | |
| Cisco AnyConnect Secure | =2.5.3055 | |
| Cisco AnyConnect Secure | =2.5_base | |
| Cisco AnyConnect Secure | =3.0.0 | |
| Cisco AnyConnect Secure | =3.0.0629 | |
| Cisco AnyConnect Secure | =3.0.1047 | |
| Cisco AnyConnect Secure | =3.0.2052 | |
| Cisco AnyConnect Secure | =3.0.3050 | |
| Cisco AnyConnect Secure | =3.0.3054 | |
| Cisco AnyConnect Secure | =3.0.4235 | |
| Cisco AnyConnect Secure | =3.0.5075 | |
| Cisco AnyConnect Secure | =3.0.5080 | |
| Cisco AnyConnect Secure | =3.0.09231 | |
| Cisco AnyConnect Secure | =3.0.09266 | |
| Cisco AnyConnect Secure | =3.0.09353 | |
| Cisco AnyConnect Secure | =3.1\(60\) | |
| Cisco AnyConnect Secure | =3.1.0 | |
| Cisco AnyConnect Secure | =3.1.02043 | |
| Cisco AnyConnect Secure | =3.1.05182 | |
| Cisco AnyConnect Secure | =3.1.05187 | |
| Cisco AnyConnect Secure | =3.1.06073 | |
| Cisco AnyConnect Secure | =3.1.07021 | |
| Cisco AnyConnect Secure | =4.0\(48\) | |
| Cisco AnyConnect Secure | =4.0\(64\) | |
| Cisco AnyConnect Secure | =4.0\(2049\) | |
| Cisco AnyConnect Secure | =4.0.0 | |
| Cisco AnyConnect Secure | =4.0.00048 | |
| Cisco AnyConnect Secure | =4.0.00051 | |
| Cisco AnyConnect Secure | =4.1.0 | |
| Microsoft Windows Operating System |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/133876/Cisco-AnyConnect-Secure-Mobility-Client-3.1.08009-Privilege-Elevation.html
- http://seclists.org/fulldisclosure/2015/Sep/80
- http://tools.cisco.com/security/center/viewAlert.x?alertId=41136
- http://www.securitytracker.com/id/1033643
- https://code.google.com/p/google-security-research/issues/detail?id=460
- https://www.exploit-db.com/exploits/38289/
Frequently Asked Questions
What is the severity of CVE-2015-6305?
CVE-2015-6305 is considered a medium severity vulnerability that allows local users to gain elevated privileges.
How do I fix CVE-2015-6305?
To fix CVE-2015-6305, ensure that you update Cisco AnyConnect Secure Mobility Client to the latest version provided by Cisco.
Which versions of Cisco AnyConnect are affected by CVE-2015-6305?
CVE-2015-6305 affects Cisco AnyConnect Secure Mobility Client versions ranging from 2.0 through 4.1.
Can CVE-2015-6305 be exploited remotely?
No, CVE-2015-6305 requires local access to the vulnerable system to exploit the untrusted search path vulnerability.
What is the impact of CVE-2015-6305 on affected systems?
The impact of CVE-2015-6305 allows local users to execute a Trojan horse DLL in the current working directory, leading to potential privilege escalation.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco anyconnect secure
- version/cisco anyconnect secure/2.0.0343
- version/cisco anyconnect secure/2.1.0.148
- version/cisco anyconnect secure/2.2.0133
- version/cisco anyconnect secure/2.2.0136
- version/cisco anyconnect secure/2.2.0140
- version/cisco anyconnect secure/2.3.0185
- version/cisco anyconnect secure/2.3.0254
- version/cisco anyconnect secure/2.3.1003
- version/cisco anyconnect secure/2.3.2016
- version/cisco anyconnect secure/2.4.0202
- version/cisco anyconnect secure/2.4.1012
- version/cisco anyconnect secure/2.5.0217
- version/cisco anyconnect secure/2.5.2006
- version/cisco anyconnect secure/2.5.2010
- version/cisco anyconnect secure/2.5.2011
- version/cisco anyconnect secure/2.5.2014
- version/cisco anyconnect secure/2.5.2017
- version/cisco anyconnect secure/2.5.2018
- version/cisco anyconnect secure/2.5.2019
- version/cisco anyconnect secure/2.5.3041
- version/cisco anyconnect secure/2.5.3046
- version/cisco anyconnect secure/2.5.3051
- version/cisco anyconnect secure/2.5.3054
- version/cisco anyconnect secure/2.5.3055
- version/cisco anyconnect secure/2.5_base
- version/cisco anyconnect secure/3.0.0
- version/cisco anyconnect secure/3.0.0629
- version/cisco anyconnect secure/3.0.1047
- version/cisco anyconnect secure/3.0.2052
- version/cisco anyconnect secure/3.0.3050
- version/cisco anyconnect secure/3.0.3054
- version/cisco anyconnect secure/3.0.4235
- version/cisco anyconnect secure/3.0.5075
- version/cisco anyconnect secure/3.0.5080
- version/cisco anyconnect secure/3.0.09231
- version/cisco anyconnect secure/3.0.09266
- version/cisco anyconnect secure/3.0.09353
- version/cisco anyconnect secure/3.1\(60\)
- version/cisco anyconnect secure/3.1.0
- version/cisco anyconnect secure/3.1.02043
- version/cisco anyconnect secure/3.1.05182
- version/cisco anyconnect secure/3.1.05187
- version/cisco anyconnect secure/3.1.06073
- version/cisco anyconnect secure/3.1.07021
- version/cisco anyconnect secure/4.0\(48\)
- version/cisco anyconnect secure/4.0\(64\)
- version/cisco anyconnect secure/4.0\(2049\)
- version/cisco anyconnect secure/4.0.0
- version/cisco anyconnect secure/4.0.00048
- version/cisco anyconnect secure/4.0.00051
- version/cisco anyconnect secure/4.1.0
- vendor/microsoft
- canonical/microsoft windows operating system