CVE-2015-6306

CVE Database · CVE-2015-6306

CVE-2015-6306

· N/AModified

CVSS v3.1

N/A

EPSS

1.05%

Published

Sep 25, 2015

Modified

May 6, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBCisco AnyConnect 3.1.08009 - Local Privilege Escalation (via DMG Install Script)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.

Weaknesses (CWE)

CWE-264

Affected Products (3)

cisco · anyconnect_secure_mobility_clientvulnerable

apple · mac_os_x

linux · linux_kernel

References (14)

http://packetstormsecurity.com/files/133685/Cisco-AnyConnect-DMG-Install-Script-Privilege-Escalation.html

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2015/Sep/86

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=41135

Vendor Advisory

http://www.securityfocus.com/archive/1/536534/100/0/threaded

http://www.securitytracker.com/id/1033656

Third Party AdvisoryVDB Entry

https://www.exploit-db.com/exploits/38303/

Exploit

KEV Catalog EPSS Scores Vendors All CVEs