CVE-2015-0664

{"id": "CVE-2015-0664", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.1, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-03-18T23:59:00.067", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37861", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1031932", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195."}, {"lang": "es", "value": "El canal IPC en Cisco AnyConnect Secure Mobility Client 4.0(.00051) y anteriores permite a usuarios locales escribir a localizaciones de memoria de espacios de usuarios arbitrarias, y como consecuencia ganar privilegios, a trav\u00e9s de mensajes manipulados, tambi\u00e9n conocido como Bug ID CSCus79195."}], "lastModified": "2015-09-10T16:05:39.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67B41479-2501-44C7-ADFC-2887CAD8B6C8", "versionEndIncluding": "4.0\\(.00051\\)"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}