Vulnerability Details : CVE-2015-0761
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.
Products affected by CVE-2015-0761
- cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(.00051\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.0\(.00048\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0761
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0761
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2015-0761
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0761
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=39158
Cisco AnyConnect Secure Mobility Client Privilege Escalation VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/74954
Cisco AnyConnect Secure Mobility Client CVE-2015-0761 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1032472
Cisco AnyConnect Secure Mobility Client 'vpnagent' Bug Lets Local Users Gain Elevated Privileges - SecurityTrackerThird Party Advisory;VDB Entry
Jump to