Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability
|
Información sobre el sistema
|
|
|
Software afectado |
Cisco |
Descripción
|
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account.The vulnerability is due to lack of checks in the code for the path to the downloader application and associated DLLs. An attacker could exploit this vulnerability by executing the downloader application from outside its expected location and providing a set
More info:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150922-CVE-2015-6305?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20AnyConnect%20Secure%20Mobility%20Client%20for%20Windows%20Pr |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
|