Vigil@nce - Cisco AnyConnect: privilege escalation via vpnagent
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can run the vpnagent program of Cisco AnyConnect with a
crafted command line in order to escalate his privileges.
Impacted products: Cisco AnyConnect Secure Mobility Client,
AnyConnect VPN Client
Severity: 2/4
Creation date: 03/06/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco AnyConnect Secure Mobility Client for Linux includes a
program named vpnagent.
However, this program does not correctly check the options on its
command line before running commands with root privileges.
An attacker can therefore run the vpnagent program of Cisco AnyConnect
with a crafted command line in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-AnyConnect-privilege-escalation-via-vpnagent-17046