Lucene search
K

112 matches found

CVE
CVE
added 2021/01/13 9:17 p.m.131 views

CVE-2021-1237

Cisco AnyConnect Secure Mobility Client for Windows is affected by CVE-2021-1237 in the Network Access Manager and Web Security Agent components. The issue stems from insufficient validation of runtime-loaded resources, enabling an authenticated, local attacker with valid Windows credentials to c...

7.8CVSS7.8AI score0.00395EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/11/06 6:16 p.m.226 views

CVE-2020-3556

CVE-2020-3556 affects Cisco AnyConnect Secure Mobility Client (Windows/macOS/Linux). The IPC listener lacks authentication, allowing a local, authenticated attacker to send crafted IPC messages to cause the targeted user to execute a script with the user’s privileges. Exploitation requires an ong...

7.3CVSS7.1AI score0.00444EPSS
Exploits0References1Affected Software1
ThreatPost
ThreatPost
added 2020/11/05 3:16 p.m.212 views

Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched

Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept PoC exploit...

0.8AI score0.07935EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2020/08/17 12:0 a.m.56 views

CVE-2020-3433

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows...

7.8CVSS2.9AI score0.28307EPSS
In wildExploits16References3
Cisco
Cisco
added 2020/08/05 4:0 p.m.61 views

Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability

A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on th...

5.5CVSS1.2AI score0.00337EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2020/07/01 9:2 p.m.818 views

Cisco Warns of High-Severity Bug in Small Business Switch Lineup

Cisco Systems is warning of a high-severity flaw affecting more than a half-dozen of its small business switches. The flaw could allow remote, unauthenticated attackers to access the switches’ management interfaces with administrative privileges. Specifically affected are Series Smart Switches,...

10CVSS0.26869EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2020/02/20 12:0 a.m.43 views

CVE-2020-3153

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths...

7.8CVSS7.4AI score0.28307EPSS
In wildExploits16References6
Symantec
Symantec
added 2020/01/08 12:0 a.m.626 views

Cisco AnyConnect Secure Mobility Client CVE-2019-16007 Remote Security Bypass Vulnerability

Description Cisco AnyConnect Secure Mobility Client is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvr67149...

0.9AI score0.0036EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2019/05/15 4:0 p.m.38 views

Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker...

4.8CVSS0.8AI score0.01563EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2018/08/30 12:0 a.m.26 views

Cisco AnyConnect Secure Mobility Client 4.6.01099 Denial Of Service

Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-29 Vendor Homepage: https://www.cisco.com/ Software Link: App Store for iOS devices Tested Version: 4.6.01099 Vulnerability Type: Denial of...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2018/08/29 12:0 a.m.25 views

Cisco AnyConnect Secure Mobility Client 4.6.01099 - Introducir URL Denial of Service (PoC)

Cisco AnyConnect Secure Mobility Client 4.6.01099 - Introducir URL Denial of Service PoC Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-29 Vendor Homepage: https://www.cisco.com/ Softwar...

Exploits0
OSV
OSV
added 2018/07/13 8:29 p.m.4 views

CVE-2016-6562

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References3
Prion
Prion
added 2018/07/13 8:29 p.m.16 views

Design/Logic Flaw

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login...

2.9CVSS6.2AI score0.00437EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2018/07/13 8:0 p.m.44 views

CVE-2016-6562

The CVE-2016-6562 entry affects ShoreTel Mobility Client for iOS and Android, with versions 9.1.3.109 and earlier failing to properly validate SSL certificates over HTTPS. This permits MITM exposure of sensitive account information (e.g., login credentials) for devices on the same network. CERT/N...

7.5CVSS7AI score0.00437EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/06/15 12:0 a.m.495 views

Cisco AnyConnect Secure Mobility Client < 4.6.01098 Certificate Bypass Vulnerability

The version of Cisco AnyConnect Secure Mobility Client installed on the remote Windows host is prior to 4.6.01098. It is, therefore, affected by a certificate bypass vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110563; scriptversion"1.7";...

5.8CVSS5.3AI score0.00983EPSS
Exploits0References2
CNVD
CNVD
added 2018/06/12 12:0 a.m.4 views

Cisco AnyConnect Network Access Manager and AnyConnect Secure Mobility Client Certificate Bypass Vulnerability

Cisco AnyConnect Network Access Manager and AnyConnect Secure Mobility Client are both products of Cisco, U.S.A. Cisco Network Access Manager NAM is one of the network access managers. AnyConnect Secure Mobility Client is a secure mobility client that provides secure access to networks and...

5.8CVSS6.9AI score0.00983EPSS
Exploits0References1
Cisco
Cisco
added 2018/06/06 4:0 p.m.136 views

Cisco AnyConnect Secure Mobility Client Certificate Bypass Vulnerability

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading...

4.8CVSS1.2AI score0.00983EPSS
Exploits0References1
Prion
Prion
added 2017/10/05 7:29 a.m.20 views

Security feature bypass

A vulnerability in the Network Access Manager NAM of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker cou...

2.1CVSS6.2AI score0.00354EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/02/09 5:0 p.m.1371 views

CVE-2017-3813

CVE-2017-3813 | Cisco AnyConnect Secure Mobility Client for Windows contains a Start Before Logon (SBL) privilege-escalation vulnerability. The issue arises from insufficient access controls in the SBL module, allowing an unauthenticated, local attacker to start Internet Explorer with SYSTEM priv...

7.8CVSS7.5AI score0.01711EPSS
Exploits5References4Affected Software1
CERT
CERT
added 2017/01/03 12:0 a.m.54 views

ShoreTel Mobility Client mobile application does not verify SSL certificates

Overview ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle MITM attacks. Description CWE-295: Improper Certificate Validation -...

7.5CVSS7.3AI score0.00437EPSS
Exploits0References4
Rows per page
Query Builder