Sign-up

ID

VAR-201508-0499


CVE

CVE-2015-4289


TITLE

Cisco AnyConnect Secure Mobility Client Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2015-003961

DESCRIPTION

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920. Exploiting this issue can allow an attacker to write or overwrite arbitrary files in users context. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCut93920

Trust: 1.98

sources: NVD: CVE-2015-4289 // JVNDB: JVNDB-2015-003961 // BID: 76125 // VULHUB: VHN-82250

AFFECTED PRODUCTS

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.0\(2049\)

Trust: 1.6

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:4.0(2049)

Trust: 1.1

sources: BID: 76125 // JVNDB: JVNDB-2015-003961 // CNNVD: CNNVD-201507-845 // NVD: CVE-2015-4289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4289
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4289
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201507-845
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82250
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4289
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-82250
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-82250 // JVNDB: JVNDB-2015-003961 // CNNVD: CNNVD-201507-845 // NVD: CVE-2015-4289

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-82250 // JVNDB: JVNDB-2015-003961 // NVD: CVE-2015-4289

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201507-845

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201507-845

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003961

PATCH
title:40175url:http://tools.cisco.com/security/center/viewAlert.x?alertId=40175
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-003961

EXTERNAL IDS
db:NVDid:CVE-2015-4289
Trust: 2.8
db:SECTRACKid:1033173
Trust: 1.1
db:JVNDBid:JVNDB-2015-003961
Trust: 0.8
db:CNNVDid:CNNVD-201507-845
Trust: 0.7
db:BIDid:76125
Trust: 0.4
db:VULHUBid:VHN-82250
Trust: 0.1
sources:
            
            
            VULHUB: VHN-82250 // 
            
            
            
            BID: 76125 // 
            
            
            
            JVNDB: JVNDB-2015-003961 // 
            
            
            
            CNNVD: CNNVD-201507-845 // 
            
            
            
            NVD: CVE-2015-4289

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=40175
Trust: 2.0
url:http://www.securitytracker.com/id/1033173
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4289
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4289
Trust: 0.8
url:http://www.cisco.com/en/us/products/ps10884/index.html
Trust: 0.3
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-82250 // 
            
            
            
            BID: 76125 // 
            
            
            
            JVNDB: JVNDB-2015-003961 // 
            
            
            
            CNNVD: CNNVD-201507-845 // 
            
            
            
            NVD: CVE-2015-4289

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 76125

SOURCES
db:VULHUBid:VHN-82250
db:BIDid:76125
db:JVNDBid:JVNDB-2015-003961
db:CNNVDid:CNNVD-201507-845
db:NVDid:CVE-2015-4289

LAST UPDATE DATE
2024-11-23T23:09:14.562000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-82250date:2015-09-03T00:00:00
db:BIDid:76125date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003961date:2015-08-04T00:00:00
db:CNNVDid:CNNVD-201507-845date:2015-08-03T00:00:00
db:NVDid:CVE-2015-4289date:2024-11-21T02:30:46.593

SOURCES RELEASE DATE
db:VULHUBid:VHN-82250date:2015-08-01T00:00:00
db:BIDid:76125date:2015-07-30T00:00:00
db:JVNDBid:JVNDB-2015-003961date:2015-08-04T00:00:00
db:CNNVDid:CNNVD-201507-845date:2015-07-31T00:00:00
db:NVDid:CVE-2015-4289date:2015-08-01T01:59:14.787