112 matches found
CVE-2021-1237
Cisco AnyConnect Secure Mobility Client for Windows is affected by CVE-2021-1237 in the Network Access Manager and Web Security Agent components. The issue stems from insufficient validation of runtime-loaded resources, enabling an authenticated, local attacker with valid Windows credentials to c...
CVE-2020-3556
CVE-2020-3556 affects Cisco AnyConnect Secure Mobility Client (Windows/macOS/Linux). The IPC listener lacks authentication, allowing a local, authenticated attacker to send crafted IPC messages to cause the targeted user to execute a script with the user’s privileges. Exploitation requires an ong...
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept PoC exploit...
CVE-2020-3433
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows...
Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on th...
Cisco Warns of High-Severity Bug in Small Business Switch Lineup
Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches,...
CVE-2020-3153
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths...
Cisco AnyConnect Secure Mobility Client CVE-2019-16007 Remote Security Bypass Vulnerability
Description Cisco AnyConnect Secure Mobility Client is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvr67149...
Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker...
Cisco AnyConnect Secure Mobility Client 4.6.01099 Denial Of Service
Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-29 Vendor Homepage: https://www.cisco.com/ Software Link: App Store for iOS devices Tested Version: 4.6.01099 Vulnerability Type: Denial of...
Cisco AnyConnect Secure Mobility Client 4.6.01099 - Introducir URL Denial of Service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - Introducir URL Denial of Service PoC Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-29 Vendor Homepage: https://www.cisco.com/ Softwar...
CVE-2016-6562
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login...
Design/Logic Flaw
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login...
CVE-2016-6562
The CVE-2016-6562 entry affects ShoreTel Mobility Client for iOS and Android, with versions 9.1.3.109 and earlier failing to properly validate SSL certificates over HTTPS. This permits MITM exposure of sensitive account information (e.g., login credentials) for devices on the same network. CERT/N...
Cisco AnyConnect Secure Mobility Client < 4.6.01098 Certificate Bypass Vulnerability
The version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is prior to 4.6.01098. It is, therefore, affected by a certificate bypass vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110563; scriptversion"1.7";...
Cisco AnyConnect Network Access Manager and AnyConnect Secure Mobility Client Certificate Bypass Vulnerability
Cisco AnyConnect Network Access Manager and AnyConnect Secure Mobility Client are both products of Cisco, U.S.A. Cisco Network Access Manager NAM is one of the network access managers. AnyConnect Secure Mobility Client is a secure mobility client that provides secure access to networks and...
Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...
Security feature bypass
A vulnerability in the Network Access Manager NAM of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker cou...
CVE-2017-3813
CVE-2017-3813 | Cisco AnyConnect Secure Mobility Client for Windows contains a Start Before Logon (SBL) privilege-escalation vulnerability. The issue arises from insufficient access controls in the SBL module, allowing an unauthenticated, local attacker to start Internet Explorer with SYSTEM priv...
ShoreTel Mobility Client mobile application does not verify SSL certificates
Overview ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation -...