ID
VAR-201505-0197
CVE
CVE-2015-0755
TITLE
Cisco AnyConnect Secure Mobility Client Distributed by Cisco Identity Services Engine for Posture Vulnerability in obtaining privileges in module
Trust: 0.8
DESCRIPTION
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797. Vendors report this vulnerability Bug ID CSCut05797 Published as. Supplementary information : CWE Vulnerability types by CWE-284: Improper Access Control ( Improper access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlLocal users may gain privileges via unspecified commands. An attacker can exploit this issue to gain elevated privileges on an affected device. Cisco AnyConnect Secure Mobility Client is a next-generation VPN client. This client enables remote users to securely connect to Cisco ASA 5500 devices through SSL VPN
Trust: 1.98
AFFECTED PRODUCTS
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 4.0\(64\) | Trust: 1.6 |
| vendor: | cisco | model: | anyconnect secure mobility client | scope: | eq | version: | 4.0(64) | Trust: 1.1 |
| vendor: | cisco | model: | identity services engine software | scope: | eq | version: | 0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-284 | Trust: 1.1 |
| problemtype: | CWE-Other | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.9
TYPE
permissions and access control
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | 39018 | url: | http://tools.cisco.com/security/center/viewAlert.x?alertId=39018 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-0755 | Trust: 2.8 |
| db: | SECTRACK | id: | 1032424 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-002870 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201505-584 | Trust: 0.7 |
| db: | SECUNIA | id: | 64671 | Trust: 0.6 |
| db: | BID | id: | 74868 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-78701 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/viewalert.x?alertid=39018 | Trust: 2.0 |
| url: | http://www.securitytracker.com/id/1032424 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0755 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0755 | Trust: 0.8 |
| url: | http://secunia.com/advisories/64671 | Trust: 0.6 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | http://www.cisco.com/en/us/products/ps11640/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-78701 |
| db: | BID | id: | 74868 |
| db: | JVNDB | id: | JVNDB-2015-002870 |
| db: | CNNVD | id: | CNNVD-201505-584 |
| db: | NVD | id: | CVE-2015-0755 |
LAST UPDATE DATE
2024-11-23T22:45:57.605000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-78701 | date: | 2017-01-04T00:00:00 |
| db: | BID | id: | 74868 | date: | 2015-05-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-002870 | date: | 2015-06-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-201505-584 | date: | 2015-06-01T00:00:00 |
| db: | NVD | id: | CVE-2015-0755 | date: | 2024-11-21T02:23:39.530 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-78701 | date: | 2015-05-29T00:00:00 |
| db: | BID | id: | 74868 | date: | 2015-05-27T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-002870 | date: | 2015-06-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-201505-584 | date: | 2015-05-29T00:00:00 |
| db: | NVD | id: | CVE-2015-0755 | date: | 2015-05-29T15:59:09.327 |