Vigil@nce - Cisco AnyConnect Secure Mobility Client: moving files
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can use IPC of Cisco AnyConnect Secure Mobility
Client for Windows, to move a file, in order to trigger a denial
of service.
– Impacted products: Cisco AnyConnect Secure Mobility Client.
– Severity: 2/4.
– Creation date: 09/10/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco AnyConnect Secure Mobility Client for Windows product
has an IPC interface (interprocess communication).
However, a local attacker can request an arbitrary file to be
moved.
A local attacker can therefore use IPC of Cisco AnyConnect Secure
Mobility Client for Windows, to move a file, in order to trigger a
denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-AnyConnect-Secure-Mobility-Client-moving-files-18069