CVE-2015-6306
CVE-2015-6306
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/133685/Cisco-AnyConnect-DMG-Install-Script-Privilege-Escalation.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38303/unverifiedexploitdbwww.exploit-db.com/exploits/38303unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/133685/Cisco-AnyConnect-DMG-Install-Script-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2015/Sep/86https://www.exploit-db.com/exploits/38303/https://www.securify.nl/advisory/SFY20150701/cisco_anyconnect_elevation_%20of_privileges_via_dmg_install_script.htmlhttp://tools.cisco.com/security/center/viewAlert.x?alertId=41135http://www.securityfocus.com/archive/1/536534/100/0/threadedhttp://www.securitytracker.com/id/1033656