CVE-2015-6305

Cisco Anyconnect Secure Mobility Client - Untrusted Search Path

Title source: rule
STIX 2.1

Description

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textlocalwindows
https://www.exploit-db.com/exploits/38289

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033643
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38289/
Third Party Advisory, VDB Entry mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Sep/80
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=41136

Scores

EPSS 0.0196
EPSS Percentile 83.6%

Details

CWE
CWE-426
Status published
Products (50)
cisco/anyconnect_secure_mobility_client 2.0.0343
cisco/anyconnect_secure_mobility_client 2.1.0.148
cisco/anyconnect_secure_mobility_client 2.2.0133
cisco/anyconnect_secure_mobility_client 2.2.0136
cisco/anyconnect_secure_mobility_client 2.2.0140
cisco/anyconnect_secure_mobility_client 2.3.0185
cisco/anyconnect_secure_mobility_client 2.3.0254
cisco/anyconnect_secure_mobility_client 2.3.1003
cisco/anyconnect_secure_mobility_client 2.3.2016
cisco/anyconnect_secure_mobility_client 2.4.0202
... and 40 more
Published Sep 26, 2015
Tracked Since Feb 18, 2026