First published: Fri Sep 25 2015(Updated: )
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Anyconnect Secure Mobility Client | =2.0.0343 | |
Cisco Anyconnect Secure Mobility Client | =2.1.0.148 | |
Cisco Anyconnect Secure Mobility Client | =2.2.0133 | |
Cisco Anyconnect Secure Mobility Client | =2.2.0136 | |
Cisco Anyconnect Secure Mobility Client | =2.2.0140 | |
Cisco Anyconnect Secure Mobility Client | =2.3.0185 | |
Cisco Anyconnect Secure Mobility Client | =2.3.0254 | |
Cisco Anyconnect Secure Mobility Client | =2.3.1003 | |
Cisco Anyconnect Secure Mobility Client | =2.3.2016 | |
Cisco Anyconnect Secure Mobility Client | =2.4.0202 | |
Cisco Anyconnect Secure Mobility Client | =2.4.1012 | |
Cisco Anyconnect Secure Mobility Client | =2.5.0217 | |
Cisco Anyconnect Secure Mobility Client | =2.5.2006 | |
Cisco Anyconnect Secure Mobility Client | =2.5.2010 | |
Cisco Anyconnect Secure Mobility Client | =2.5.2011 | |
Cisco Anyconnect Secure Mobility Client | =2.5.2014 | |
Cisco Anyconnect Secure Mobility Client | =2.5.2017 | |
Cisco Anyconnect Secure Mobility Client | =2.5.2018 | |
Cisco Anyconnect Secure Mobility Client | =2.5.2019 | |
Cisco Anyconnect Secure Mobility Client | =2.5.3041 | |
Cisco Anyconnect Secure Mobility Client | =2.5.3046 | |
Cisco Anyconnect Secure Mobility Client | =2.5.3051 | |
Cisco Anyconnect Secure Mobility Client | =2.5.3054 | |
Cisco Anyconnect Secure Mobility Client | =2.5.3055 | |
Cisco Anyconnect Secure Mobility Client | =2.5_base | |
Cisco Anyconnect Secure Mobility Client | =3.0.0 | |
Cisco Anyconnect Secure Mobility Client | =3.0.0629 | |
Cisco Anyconnect Secure Mobility Client | =3.0.1047 | |
Cisco Anyconnect Secure Mobility Client | =3.0.2052 | |
Cisco Anyconnect Secure Mobility Client | =3.0.3050 | |
Cisco Anyconnect Secure Mobility Client | =3.0.3054 | |
Cisco Anyconnect Secure Mobility Client | =3.0.4235 | |
Cisco Anyconnect Secure Mobility Client | =3.0.5075 | |
Cisco Anyconnect Secure Mobility Client | =3.0.5080 | |
Cisco Anyconnect Secure Mobility Client | =3.0.09231 | |
Cisco Anyconnect Secure Mobility Client | =3.0.09266 | |
Cisco Anyconnect Secure Mobility Client | =3.0.09353 | |
Cisco Anyconnect Secure Mobility Client | =3.1\(60\) | |
Cisco Anyconnect Secure Mobility Client | =3.1.0 | |
Cisco Anyconnect Secure Mobility Client | =3.1.02043 | |
Cisco Anyconnect Secure Mobility Client | =3.1.05182 | |
Cisco Anyconnect Secure Mobility Client | =3.1.05187 | |
Cisco Anyconnect Secure Mobility Client | =3.1.06073 | |
Cisco Anyconnect Secure Mobility Client | =3.1.07021 | |
Cisco Anyconnect Secure Mobility Client | =4.0\(48\) | |
Cisco Anyconnect Secure Mobility Client | =4.0\(64\) | |
Cisco Anyconnect Secure Mobility Client | =4.0\(2049\) | |
Cisco Anyconnect Secure Mobility Client | =4.0.0 | |
Cisco Anyconnect Secure Mobility Client | =4.0.00048 | |
Cisco Anyconnect Secure Mobility Client | =4.0.00051 | |
Cisco Anyconnect Secure Mobility Client | =4.1.0 | |
Microsoft Windows |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.