CVE-2015-4289

Cisco AnyConnect Secure Mobility Client 4.0(2049) - Path Traversal and Arbitrary File Write via Configuration Attribute

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=40175
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033173

Scores

EPSS 0.0193
EPSS Percentile 77.5%

Details

CWE
CWE-22
Status published
Products (1)
cisco/anyconnect_secure_mobility_client 4.0\(2049\)
Published Aug 01, 2015
Tracked Since Feb 18, 2026