Total
67 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3094 | 2 Cisco, Linux | 2 Anyconnect Secure Mobility Client, Linux Kernel | 2024-02-04 | 5.0 MEDIUM | N/A |
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. | |||||
CVE-2012-1370 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-02-04 | 3.5 LOW | N/A |
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. | |||||
CVE-2012-3088 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-02-04 | 9.3 HIGH | N/A |
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. | |||||
CVE-2012-2499 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-02-04 | 5.8 MEDIUM | N/A |
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. | |||||
CVE-2011-2039 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2024-02-04 | 7.6 HIGH | N/A |
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904. | |||||
CVE-2011-2040 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2024-02-04 | 9.3 HIGH | N/A |
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934. | |||||
CVE-2011-2041 | 2 Cisco, Microsoft | 3 Anyconnect Secure Mobility Client, Windows, Windows Mobile | 2024-02-04 | 7.2 HIGH | N/A |
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556. |