Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2011-2039
HistoryJun 02, 2011 - 7:55 p.m.

CVE-2011-2039

2011-06-0219:55:04
CWE-20
[email protected]
web.nvd.nist.gov

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.782 High

EPSS

Percentile

98.3%

JSON

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

Affected configurations

NVD
Node
ciscoanyconnect_secure_mobility_clientRange2.3
OR
ciscoanyconnect_secure_mobility_clientMatch2.0
OR
ciscoanyconnect_secure_mobility_clientMatch2.1
OR
ciscoanyconnect_secure_mobility_clientMatch2.2
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.128
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.133
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.136
OR
ciscoanyconnect_secure_mobility_clientMatch2.2.140
AND
microsoftwindows
OR
microsoftwindows_mobile

Related

checkpoint_advisories 1
securityvulns 3
prion 1
packetstorm 1
cve 1
saint 4
cvelist 1
cert 1
nessus 1
seebug 1
checkpoint_advisories
checkpoint_advisories
Cisco AnyConnect VPN Client ActiveX Code Execution (CVE-2011-2039)
2011-08-16 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability
2011-06-03 00:00:00
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
2011-06-02 00:00:00
Cisco AnyConnect Secure Mobility Client security vulnerabilities
2011-06-03 00:00:00
prion
prion
Design/Logic Flaw
2011-06-02 19:55:00
packetstorm
packetstorm
Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute
2011-06-07 00:00:00
cve
cve
CVE-2011-2039
2011-06-02 19:55:04
saint
saint
Cisco AnyConnect Secure Mobility Client VPNWeb ActiveX Code Execution
2011-06-13 00:00:00
Cisco AnyConnect Secure Mobility Client VPNWeb ActiveX Code Execution
2011-06-13 00:00:00
Cisco AnyConnect Secure Mobility Client VPNWeb ActiveX Code Execution
2011-06-13 00:00:00
cvelist
cvelist
CVE-2011-2039
2011-06-02 19:00:00
cert
cert
Cisco AnyConnect SSL VPN arbitrary code execution
2011-06-07 00:00:00
nessus
nessus
Cisco AnyConnect Secure Mobility Client < 2.3.254 Multiple Vulnerabilities
2011-06-03 00:00:00
seebug
seebug
Cisco AnyConnect Secure Mobility Client任意代码执行及本地特权提升漏洞
2011-06-04 00:00:00

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.782 High

EPSS

Percentile

98.3%

JSON
Related for NVD:CVE-2011-2039
checkpoint_advisories1securityvulns3prion1packetstorm1cve1saint4cvelist1cert1nessus1seebug1