Description
Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/68666
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_anyconnect.html
Exploit x_refsource_misc
http://packetstormsecurity.org/1010-exploits/anyconnect-traversal.txt
Exploit mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=128699692209082&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44076
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41802
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/62563
Scores
EPSS
0.0176
EPSS Percentile
75.3%
Details
CWE
CWE-22
Status
published
Products (1)
anyconnect/anyconnect
< 1.2.3.0
Published
Nov 02, 2010
Tracked Since
Feb 18, 2026