CVE-2010-4148

AnyConnect < 1.2.3.0 - Path Traversal via FTP Filename

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/68666
Exploit mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=128699692209082&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/44076
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41802
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62563

Scores

EPSS 0.0176
EPSS Percentile 75.3%

Details

CWE
CWE-22
Status published
Products (1)
anyconnect/anyconnect < 1.2.3.0
Published Nov 02, 2010
Tracked Since Feb 18, 2026