CVE-2015-0665
Description
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.
Risk Information
Base Score
5.5
MODERATE
Vector
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.075
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 4.0 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 4.0(.00051) | Windows |
| Vulnerabilities CVE-2015-0662,CVE-2015-0663,CVE-2015-0664,CVE-2015-0665 are affected in Cisco AnyConnect Secure Mobility Client for Mac 4.0(.00051) | Mac |
| Vulnerabilities CVE-2015-0662,CVE-2015-0663,CVE-2015-0664,CVE-2015-0665 are affected in Cisco AnyConnect Secure Mobility Client for Mac 4.0(.00051) | Mac |
| Cisco AnyConnect Secure Mobility Client Hostscan Path Traversal Vulnerability For Cisco AnyConnect Secure Mobility Client | NCM |
| Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2015-0665) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-338372 | Cisco AnyConnect Secure Mobility Client (4.10.08029) (Manual Upload Required) |
| PATCH-606843 | Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029 |
| PATCH-606843 | Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234