Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2495 | 1 Cisco | 2 Anyconnect Secure Mobility Client, Secure Desktop | 2023-12-10 | 4.3 MEDIUM | N/A |
| The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. | |||||
| CVE-2012-3094 | 2 Cisco, Linux | 2 Anyconnect Secure Mobility Client, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | N/A |
| The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. | |||||
| CVE-2012-3088 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2023-12-10 | 9.3 HIGH | N/A |
| Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. | |||||
| CVE-2013-1172 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2023-12-10 | 6.6 MEDIUM | N/A |
| The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153. | |||||
| CVE-2011-2040 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2023-12-10 | 9.3 HIGH | N/A |
| The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934. | |||||
| CVE-2011-2039 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2023-12-10 | 7.6 HIGH | N/A |
| The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904. | |||||
| CVE-2011-2041 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2023-12-10 | 7.2 HIGH | N/A |
| The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. | |||||