SAINT Corporation exploit record: SAINT:1BDE20040731896364BBC4B5B33AB412
History: Jun 13, 2011 - 12:00 a.m.

Cisco AnyConnect Secure Mobility Client VPNWeb ActiveX Code Execution

Published: 2011-06-13 00:00:00
Source: SAINT Corporation (my.saintcorporation.com)

CVSS2: 7.6 High (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.751 High (Percentile: 98.1%)

Added: 06/13/2011
CVE: CVE-2011-2039
BID: 48081
OSVDB: 72714

Background

Cisco AnyConnect Secure Mobility Client provides remote mobile users with secure IPsec (IKEv2) or SSL Virtual Private Network (VPN) connections to Cisco 5500 Series Adaptive Security Appliances (ASA) and devices that are running Cisco IOS Software.

Problem

The AnyConnect Secure Mobility Client web deployment package uses an ActiveX control (**vpnweb.ocx**) to download and start the downloader application for the Secure Mobility Client application. A remote code execution vulnerability exists in the **vpnweb.ocx** ActiveX control because it fails to properly validate the authenticity of the downloaded executable when the client is deployed from the VPN headend. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted web page.

Resolution

Cisco has released free software updates that address these vulnerabilities.

References

<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909>
<http://www.cisco.com/warp/public/707/cisco-sa-20110601-ac.shtml>

Limitations

The exploit works on Cisco Systems AnyConnect Secure Mobility Client for Windows version 2.3.0254.

The HTML page of the exploit must be opened using Internet Explorer 7 or 8 on the target.

Platforms

Windows
