NVD Vulnerability Detail

CVE-2015-6306

Summary	Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.
Publication Date	Sept. 26, 2015, 10:59 a.m.
Registration Date	Jan. 26, 2021, 2:54 p.m.
Last Update	Nov. 21, 2024, 11:34 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.1.\(8\):::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x::::::::
2	cpe:2.3:o:linux:linux_kernel::::::::

Related information, measures and tools

No	URL	タグ
1	http://packetstormsecurity.com/files/133685/Cisco-AnyConnect-DMG-Install-Script-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
2	http://packetstormsecurity.com/files/133685/Cisco-AnyConnect-DMG-Install-Script-Privilege-Escalation.html	Exploit Third Party Advisory VDB Entry
3	http://seclists.org/fulldisclosure/2015/Sep/86	Third Party Advisory VDB Entry
4	http://seclists.org/fulldisclosure/2015/Sep/86	Third Party Advisory VDB Entry
5	http://tools.cisco.com/security/center/viewAlert.x?alertId=41135	Vendor Advisory
6	http://tools.cisco.com/security/center/viewAlert.x?alertId=41135	Vendor Advisory
7	http://www.securityfocus.com/archive/1/536534/100/0/threaded
8	http://www.securityfocus.com/archive/1/536534/100/0/threaded
9	http://www.securitytracker.com/id/1033656	Third Party Advisory VDB Entry
10	http://www.securitytracker.com/id/1033656	Third Party Advisory VDB Entry
11	https://www.exploit-db.com/exploits/38303/	Exploit Third Party Advisory VDB Entry
12	https://www.exploit-db.com/exploits/38303/	Exploit Third Party Advisory VDB Entry
13	https://www.securify.nl/advisory/SFY20150701/cisco_anyconnect_elevation_%20of_privileges_via_dmg_install_script.html	Patch Third Party Advisory
14	https://www.securify.nl/advisory/SFY20150701/cisco_anyconnect_elevation_%20of_privileges_via_dmg_install_script.html	Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Mac OS X および Linux 上で稼働する Cisco AnyConnect Secure Mobility Client における root 権限を取得される脆弱性

Title	Mac OS X および Linux 上で稼働する Cisco AnyConnect Secure Mobility Client における root 権限を取得される脆弱性
Summary	Mac OS X および Linux 上で稼働する Cisco AnyConnect Secure Mobility Client は、インストール前にパス名を確認しないため、root 権限を取得される脆弱性が存在します。ベンダは、本脆弱性を Bug ID CSCuv11947 として公開しています。
Possible impacts	ローカルユーザにより、巧妙に細工されたインストールファイルを介して、root 権限を取得される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Sept. 23, 2015, midnight
Registration Date	Sept. 30, 2015, 3:20 p.m.
Last Update	Sept. 30, 2015, 3:20 p.m.

Affected System

シスコシステムズ

Cisco AnyConnect Secure Mobility Client 4.1 (8)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-6306	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6306
National Vulnerability Database (NVD)
2	CVE-2015-6306	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6306

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Vulnerability Alert
1	41135	http://tools.cisco.com/security/center/viewAlert.x?alertId=41135

Change Log

No	Changed Details	Date of change
0	[2015年09月30日] 掲載	Feb. 17, 2018, 10:37 a.m.