\n \n- \nIntroduction \n- \nCisco An圜onnect Secure Mobility Client contains functionality to \nauto-update itself. \n \nCisco has released bug ID CSCvs46327 for registered users, which \ncontains additional details and an up-to-date list of affected product \nversions. Cisco customers with active contracts can \nobtain updates through the Software Center at \n. \n \n- \nFix \n- \nThis vulnerability was fixed in Cisco An圜onnect Secure Mobility Client \nfor Windows version 2. \n \n- \nSee also \n- \n- CVE-2020-3153 \n- cisco-sa-ac-win-path-traverse-qO4HWBsj - Cisco An圜onnect Secure \nMobility Client for Windows Uncontrolled Search Path Vulnerability \n- SSD Advisory - Cisco An圜onnect Privilege Elevation through Path \nTraversal \n \n- \nTested version \n- \nThis issue was successfully verified on Cisco An圜onnect Secure Mobility \nClient for Windows version 0. \nSuccessful exploitation of this vulnerability allows the attacker to \ngain SYSTEM privileges. , "sourceHref": "", "sourceData": "`- \nCisco An圜onnect elevation of privileges due to insecure handling of \npath names \n- \nYorick Koster, December 2019 \n \n- \nAbstract \n- \nThe update functionality of the Cisco An圜onnect Secure Mobility Client \nfor Windows is affected by a path traversal vulnerability that allows \nlocal attackers to create/overwrite files on arbitrary locations.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |