Details of VAR-201503-0169

ID

VAR-201503-0169

CVE

CVE-2015-0665

TITLE

Cisco AnyConnect Secure Mobility Client of Hostscan Vulnerability in module writing to arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2015-001833

DESCRIPTION

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173

Trust: 1.71

sources: NVD: CVE-2015-0665 // JVNDB: JVNDB-2015-001833 // VULHUB: VHN-78611

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	4.0\(.00051\)	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	4.0(.00051)	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0\(.00051\)	Trust: 0.6

sources: JVNDB: JVNDB-2015-001833 // CNNVD: CNNVD-201503-347 // NVD: CVE-2015-0665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0665
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-0665
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201503-347
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-78611
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-0665
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78611
severity:	MEDIUM
baseScore:	6.6
vectorString:	AV:L/AC:L/AU:N/C:N/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78611 // JVNDB: JVNDB-2015-001833 // CNNVD: CNNVD-201503-347 // NVD: CVE-2015-0665

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-78611 // JVNDB: JVNDB-2015-001833 // NVD: CVE-2015-0665

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201503-347

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201503-347

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-001833

PATCH

title:

37862

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=37862

Trust: 0.8

sources: JVNDB: JVNDB-2015-001833

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0665	Trust: 2.5
db:	SECTRACK	id:	1031931	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-001833	Trust: 0.8
db:	CNNVD	id:	CNNVD-201503-347	Trust: 0.7
db:	VULHUB	id:	VHN-78611	Trust: 0.1

sources: VULHUB: VHN-78611 // JVNDB: JVNDB-2015-001833 // CNNVD: CNNVD-201503-347 // NVD: CVE-2015-0665

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37862	Trust: 1.7
url:	http://www.securitytracker.com/id/1031931	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0665	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0665	Trust: 0.8

sources: VULHUB: VHN-78611 // JVNDB: JVNDB-2015-001833 // CNNVD: CNNVD-201503-347 // NVD: CVE-2015-0665

SOURCES

db:	VULHUB	id:	VHN-78611
db:	JVNDB	id:	JVNDB-2015-001833
db:	CNNVD	id:	CNNVD-201503-347
db:	NVD	id:	CVE-2015-0665

LAST UPDATE DATE

2024-11-23T22:01:52.646000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78611	date:	2015-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-001833	date:	2015-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201503-347	date:	2015-03-18T00:00:00
db:	NVD	id:	CVE-2015-0665	date:	2024-11-21T02:23:29.930

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78611	date:	2015-03-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-001833	date:	2015-03-18T00:00:00
db:	CNNVD	id:	CNNVD-201503-347	date:	2015-03-18T00:00:00
db:	NVD	id:	CVE-2015-0665	date:	2015-03-17T02:01:49.867