Multivendor Vulnerability Alert
Cisco AnyConnect Secure Mobility Client for Windows Privilege Escalation Vulnerability
Verbose Score (CVSS): AV:L/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
IntelliShield has updated this alert to notify customers of the availability of software updates to address the Cisco AnyConnect Secure Mobility Client for Windows privilege escalation vulnerability.
-
To exploit this vulnerability, an attacker must authenticate and have local access to the targeted system. These access requirements may reduce the likelihood of a successful exploit.
This issue was independently reported to the Cisco PSIRT by Google Project Zero and Mr. Yorick Koster of Securify B.V. We would like to thank Google Project Zero and Securify B.V. for reporting this vulnerability to Cisco and working with us towards a coordinated disclosure.
-
Cisco has released bug ID CSCuv01279 for registered users, which contains additional details and an up-to-date list of affected product versions.
-
Version 2, September 23, 2015, 11:25 AM: Functional code that demonstrates an exploit of the Cisco AnyConnect Secure Mobility Client for Windows privilege escalation vulnerability is publicly available.
Version 1, September 22, 2015, 12:02 PM: Cisco AnyConnect Secure Mobility Client for Windows contains a vulnerability that could allow an authenticated, local attacker to gain elevated privileges. Updates are not available.
-
The security vulnerability applies to the following combinations of products.
Primary Products
Cisco: Cisco AnyConnect Secure Mobility Client 2.0 (.0343) | 2.1 (.0148) | 2.2 (.0133, .0136, .0140) | 2.3 (.0185, .0254, .1003, .2016) | 2.4 (.0202, .1012) | 2.5 (Base, .0217, .2006, .2010, .2011, .2014, .2017, .2018, .2019, .3041, .3046, .3051, .3054, .3055) | 3.0 (.0, .0629, .1047, .2052, .3050, .3054, .4235, .5075, .5080, .09231, .09266, .09353) | 3.1 (.0, .02043, .05182, .05187, .06073, .07021, (60)) | 4.0 (.0, .00048, .00051, (64), (48), (2049)) | 4.1 (.0)
Associated Products
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.









