Details of VAR-201506-0153

ID

VAR-201506-0153

CVE

CVE-2015-0761

TITLE

Linux Run on Cisco AnyConnect Secure Mobility Client In root Privileged vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002940

DESCRIPTION

Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790. Vendors have confirmed this vulnerability Bug ID CSCus86790 It is released as.Crafted by local users vpnagent Through the options root You may get permission. A local attacker may exploit this issue to gain elevated root privileges on the device. This issue is being tracked by Cisco Bug ID CSCus86790. The vulnerability stems from the incorrect implementation of internal functions in the program

Trust: 1.98

sources: NVD: CVE-2015-0761 // JVNDB: JVNDB-2015-002940 // BID: 74954 // VULHUB: VHN-78707

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0\(.00051\)	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0\(.00048\)	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lte	version:	3.1\(.07021\)	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1(8009)	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(2052)	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lt	version:	4.x (linux)	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lt	version:	(linux)	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.1\(.07021\)	Trust: 0.6

sources: JVNDB: JVNDB-2015-002940 // CNNVD: CNNVD-201506-050 // NVD: CVE-2015-0761

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0761
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0761
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201506-050
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78707
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0761
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78707
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78707 // JVNDB: JVNDB-2015-002940 // CNNVD: CNNVD-201506-050 // NVD: CVE-2015-0761

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-78707 // JVNDB: JVNDB-2015-002940 // NVD: CVE-2015-0761

THREAT TYPE

local

Trust: 0.9

sources: BID: 74954 // CNNVD: CNNVD-201506-050

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002940

PATCH

title:

39158

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39158

Trust: 0.8

sources: JVNDB: JVNDB-2015-002940

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0761	Trust: 2.8
db:	BID	id:	74954	Trust: 1.4
db:	SECTRACK	id:	1032472	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002940	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-050	Trust: 0.7
db:	VULHUB	id:	VHN-78707	Trust: 0.1

sources: VULHUB: VHN-78707 // BID: 74954 // JVNDB: JVNDB-2015-002940 // CNNVD: CNNVD-201506-050 // NVD: CVE-2015-0761

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39158	Trust: 1.7
url:	http://www.securityfocus.com/bid/74954	Trust: 1.1
url:	http://www.securitytracker.com/id/1032472	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0761	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0761	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-78707 // BID: 74954 // JVNDB: JVNDB-2015-002940 // CNNVD: CNNVD-201506-050 // NVD: CVE-2015-0761

CREDITS

Cisco

Trust: 0.3

sources: BID: 74954

SOURCES

db:	VULHUB	id:	VHN-78707
db:	BID	id:	74954
db:	JVNDB	id:	JVNDB-2015-002940
db:	CNNVD	id:	CNNVD-201506-050
db:	NVD	id:	CVE-2015-0761

LAST UPDATE DATE

2024-11-23T22:01:45.051000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78707	date:	2017-01-04T00:00:00
db:	BID	id:	74954	date:	2015-07-15T00:24:00
db:	JVNDB	id:	JVNDB-2015-002940	date:	2015-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201506-050	date:	2015-06-10T00:00:00
db:	NVD	id:	CVE-2015-0761	date:	2024-11-21T02:23:40.190

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78707	date:	2015-06-04T00:00:00
db:	BID	id:	74954	date:	2015-06-02T00:00:00
db:	JVNDB	id:	JVNDB-2015-002940	date:	2015-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201506-050	date:	2015-06-05T00:00:00
db:	NVD	id:	CVE-2015-0761	date:	2015-06-04T10:59:01.520