CVE-2015-0662
Description
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.
Risk Information
Base Score
7.8
MODERATE
Vector
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.084
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 4.0 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 4.0(.00051) | Windows |
| Vulnerabilities CVE-2015-0662,CVE-2015-0663,CVE-2015-0664,CVE-2015-0665 are affected in Cisco AnyConnect Secure Mobility Client for Mac 4.0(.00051) | Mac |
| Vulnerabilities CVE-2015-0662,CVE-2015-0663,CVE-2015-0664,CVE-2015-0665 are affected in Cisco AnyConnect Secure Mobility Client for Mac 4.0(.00051) | Mac |
| Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability For Cisco AnyConnect Secure Mobility Client | NCM |
| CVE-2015-0662 | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-338372 | Cisco AnyConnect Secure Mobility Client (4.10.08029) (Manual Upload Required) |
| PATCH-606843 | Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029 |
| PATCH-606843 | Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234