Lucene search
K

112 matches found

Prion
Prion
added 2016/12/14 12:59 a.m.18 views

Design/Logic Flaw

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected...

7.2CVSS7.2AI score0.03473EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2016/08/25 9:59 p.m.20 views

CVE-2016-6369

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464...

7.8CVSS7.6AI score0.00392EPSS
Exploits0References3
CVE
CVE
added 2016/08/25 9:0 p.m.53 views

CVE-2016-6369

CVE-2016-6369 affects Cisco AnyConnect Secure Mobility Client for Windows. Versions before 4.2.05015 and before 4.3.02039 mishandle pathnames/filenames during INF-based installation, allowing a local attacker to gain SYSTEM privileges via a crafted INF file (Bug CSCuz92464). Impact is local privi...

7.8CVSS7.5AI score0.00392EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2016/08/25 12:0 a.m.4 views

Cisco AnyConnect Secure Mobility Client Local Elevation of Privilege Vulnerability

Cisco AnyConnect Secure Mobility Client is a secure mobility client from Cisco that provides secure access to networks and applications from any device. A local elevation of privilege vulnerability exists in Cisco AnyConnect Secure Mobility Client versions prior to 4.2.05015 and 4.3.02039. A loca...

7.8CVSS7.5AI score0.00392EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/01/22 12:0 a.m.125 views

Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x8664 Montgomery squaring...

7.5CVSS6.9AI score0.44016EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2016/01/22 12:0 a.m.196 views

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x8664 Montgomery...

7.5CVSS6.9AI score0.44016EPSS
Exploits1References8
CVE
CVE
added 2015/10/12 10:0 a.m.68 views

CVE-2015-6322

CVE-2015-6322 affects Cisco AnyConnect Secure Mobility Client IPC channel. The vulnerability arises from missing source-path validation in IPC commands, allowing a local attacker to bypass access restrictions and move arbitrary files with elevated privileges. Affected products include AnyConnect ...

6.6CVSS6.6AI score0.00383EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/09/26 1:59 a.m.26 views

CVE-2015-6306

Cisco AnyConnect Secure Mobility Client 4.18 on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947...

7.2CVSS6AI score0.01048EPSS
Exploits3References7
CVE
CVE
added 2015/09/25 1:0 a.m.77 views

CVE-2015-6305

CVE-2015-6305 affects Cisco AnyConnect Secure Mobility Client for Windows (versions 2.0–4.1). The issue arises from untrusted search path handling in vpndownloader.exe’s CMainThread::launchDownloader, enabling a local attacker with valid credentials to plant a malicious DLL in the current working...

7.2CVSS6.4AI score0.01202EPSS
Exploits3References6Affected Software1
CVE
CVE
added 2015/09/25 1:0 a.m.57 views

CVE-2015-6306

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux is affected by an elevation-of-privilege vulnerability (CVE-2015-6306) due to not verifying pathnames before installation actions, enabling local users to obtain root privileges via a crafted installation file. Public writeups descr...

7.2CVSS6.1AI score0.01048EPSS
Exploits3References7Affected Software1
Cvelist
Cvelist
added 2015/09/25 1:0 a.m.31 views

CVE-2015-6306

Cisco AnyConnect Secure Mobility Client 4.18 on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947...

6AI score0.01048EPSS
Exploits3References7
exploitpack
exploitpack
added 2015/09/23 12:0 a.m.22 views

Cisco AnyConnect 3.1.08009 - Local Privilege Escalation (via DMG Install Script)

Cisco AnyConnect 3.1.08009 - Local Privilege Escalation via DMG Install Script / Cisco AnyConnect elevation of privileges via DMG install script - proof of concept Yorick Koster, July 2015 https://securify.nl/advisory/SFY20150701/ciscoanyconnectelevationofprivilegesviadmginstallscript.html based ...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/19 12:0 a.m.33 views

Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write

The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0. It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by...

6.4CVSS5.8AI score0.01927EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/07 12:0 a.m.33 views

Cisco AnyConnect Secure Mobility Client < 3.1.8009.0 / 4.0.x < 4.0.2052.0 / 4.1.x < 4.1.28.0 Multiple Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.8009.0, or is version 4.0.x prior to 4.0.2052.0, or version 4.1.x prior to 4.1.28.0. It is, therefore, affected by the following vulnerabilities : - A flaw exists due to not sanitizing the input of...

6.6CVSS6AI score0.00386EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/08/07 12:0 a.m.22 views

Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4013.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to write files. A local,...

6.6CVSS5.7AI score0.00336EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/07 12:0 a.m.27 views

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.8009.0 / 4.0.x < 4.0.2052.0 / 4.1.x < 4.1.28.0 Multiple Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.8009.0, or is version 4.0.x prior to 4.0.2052.0, or version 4.1.x prior to 4.1.28.0. It is, therefore, affected by the following vulnerabilities : - A flaw exists due to not sanitizing the...

6.6CVSS6AI score0.00386EPSS
Exploits0References4
CNVD
CNVD
added 2015/08/03 12:0 a.m.2 views

Cisco AnyConnect Secure Mobility Client Directory Traversal Vulnerability

The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. Cisco AnyConnect Secure Mobility Client 4.0 2049 has a directory traversal vulnerability in the implementation of the connection establishment process that could allow an unauthenticated, remote attacker to perform...

6.4CVSS7AI score0.01927EPSS
Exploits0References1
CVE
CVE
added 2015/08/01 1:0 a.m.68 views

CVE-2015-4289

Cisco AnyConnect Secure Mobility Client 4.0(2049) is affected by a directory traversal vulnerability that allows an unauthenticated head-end to craft attributes and cause the client to write arbitrary files in the active user’s context. The issue stems from insufficient input validation during co...

6.4CVSS6.8AI score0.01927EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/07/29 2:59 p.m.20 views

CVE-2015-4290

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.02049 on OS X allows local users to cause a denial of service panic via vectors involving contiguous memory locations, aka Bug ID CSCut12255...

4.9CVSS6AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/29 2:0 p.m.20 views

CVE-2015-4290

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.02049 on OS X allows local users to cause a denial of service panic via vectors involving contiguous memory locations, aka Bug ID CSCut12255...

6AI score0.00292EPSS
Exploits0References2
Rows per page
Query Builder