Details of VAR-201507-0517

ID

VAR-201507-0517

CVE

CVE-2015-4290

TITLE

Mac OS X Run on Cisco AnyConnect Secure Mobility Client Service disruption in the kernel extension (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003947

DESCRIPTION

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255. Vendors have confirmed this vulnerability Bug ID CSCut12255 It is released as.Local user disrupts service operation due to problems with adjacent memory areas ( panic ) There is a possibility of being put into a state. Cisco AnyConnect Secure Mobility Client is prone to a local denial-of-service vulnerability. A local attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco bug ID CSCut12255

Trust: 1.98

sources: NVD: CVE-2015-4290 // JVNDB: JVNDB-2015-003947 // BID: 76085 // VULHUB: VHN-82251

AFFECTED PRODUCTS

vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0\(2049\)	Trust: 1.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(2049) (mac os x)	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	4.0(2049)	Trust: 0.3

sources: BID: 76085 // JVNDB: JVNDB-2015-003947 // CNNVD: CNNVD-201507-806 // NVD: CVE-2015-4290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4290
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4290
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201507-806
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82251
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4290
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-82251
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-82251 // JVNDB: JVNDB-2015-003947 // CNNVD: CNNVD-201507-806 // NVD: CVE-2015-4290

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-82251 // JVNDB: JVNDB-2015-003947 // NVD: CVE-2015-4290

THREAT TYPE

local

Trust: 0.9

sources: BID: 76085 // CNNVD: CNNVD-201507-806

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201507-806

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003947

PATCH

title:

40176

url:

http://tools.cisco.com/security/center/viewAlert.x?alertId=40176

Trust: 0.8

sources: JVNDB: JVNDB-2015-003947

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4290	Trust: 2.8
db:	SECTRACK	id:	1033113	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003947	Trust: 0.8
db:	CNNVD	id:	CNNVD-201507-806	Trust: 0.7
db:	BID	id:	76085	Trust: 0.4
db:	VULHUB	id:	VHN-82251	Trust: 0.1

sources: VULHUB: VHN-82251 // BID: 76085 // JVNDB: JVNDB-2015-003947 // CNNVD: CNNVD-201507-806 // NVD: CVE-2015-4290

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=40176	Trust: 2.0
url:	http://www.securitytracker.com/id/1033113	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4290	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4290	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-82251 // BID: 76085 // JVNDB: JVNDB-2015-003947 // CNNVD: CNNVD-201507-806 // NVD: CVE-2015-4290

CREDITS

Cisco

Trust: 0.3

sources: BID: 76085

SOURCES

db:	VULHUB	id:	VHN-82251
db:	BID	id:	76085
db:	JVNDB	id:	JVNDB-2015-003947
db:	CNNVD	id:	CNNVD-201507-806
db:	NVD	id:	CVE-2015-4290

LAST UPDATE DATE

2024-11-23T23:02:40.207000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-82251	date:	2015-08-21T00:00:00
db:	BID	id:	76085	date:	2015-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-003947	date:	2015-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201507-806	date:	2015-07-30T00:00:00
db:	NVD	id:	CVE-2015-4290	date:	2024-11-21T02:30:46.707

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-82251	date:	2015-07-29T00:00:00
db:	BID	id:	76085	date:	2015-07-28T00:00:00
db:	JVNDB	id:	JVNDB-2015-003947	date:	2015-07-30T00:00:00
db:	CNNVD	id:	CNNVD-201507-806	date:	2015-07-30T00:00:00
db:	NVD	id:	CVE-2015-4290	date:	2015-07-29T14:59:04.413