112 matches found
CVE-2015-4211
Cisco AnyConnect Secure Mobility Client on Windows has a local privilege escalation via path validation failure in the vpndownloader launcher (CMainThread::launchDownloader). A crafted DLL load path (DLL planting) and the downloader’s location bypass the intended checks, enabling a local user to ...
Cisco AnyConnect Secure Mobility Client Remote Command Execution
!-- Cisco AnyConnect Secure Mobility Client Remote Command Execution Vendor: Cisco Systems, Inc. Product web page: http://www.cisco.com Affected version: 2.x 3.0 3.0.0A90 3.1.0472 3.1.05187 3.1.06073 3.1.06078 3.1.06079 3.1.07021 3.1.08009 4.0.00013 4.0.00048 4.0.00051 4.0.02052 4.0.00057...
CVE-2015-0761
Cisco AnyConnect Secure Mobility Client before 3.18009 and 4.x before 4.02052 on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790...
CVE-2015-0761
Cisco AnyConnect Secure Mobility Client for Linux (Linux builds affected: before 3.1(8009) and before 4.0(2052)) contains a local privilege escalation due to improper implementation of internal functions, allowing an authenticated, local attacker to obtain root privileges by crafting vpnagent opt...
Design/Logic Flaw
The Posture module for Cisco Identity Services Engine ISE, as distributed in Cisco AnyConnect Secure Mobility Client 4.064, allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797...
CVE-2015-0755
The Posture module for Cisco Identity Services Engine ISE, as distributed in Cisco AnyConnect Secure Mobility Client 4.064, allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797...
Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4014.0 / 4.1.x < 4.1.4011.0 Code Execution Vulnerability
The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4014.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to install software as...
CVE-2015-0664
Cisco AnyConnect Secure Mobility Client (affected: 4.0(.00051) and earlier) contains an IPC channel vulnerability (CVE-2015-0664) that allows a local attacker to write to arbitrary user-space memory and escalate privileges via specially crafted IPC messages. Multiple Nessus/Cisco advisories reite...
Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability
The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. The Cisco AnyConnect Secure Mobility Client has a security vulnerability in inter-process communication IPC that allows a local attacker to write and overwrite arbitrary files with elevated privileges...
CVE-2015-0665
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0.00051 and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173...
CVE-2015-0663
The CVE-2015-0663 entry covers Cisco AnyConnect Secure Mobility Client IPC access control weakness. Affected software: Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier. Vulnerability: improper access control for IPC messages that allows a local, authenticated/at least local user to...
CVE-2015-0665
CVE-2015-0665 affects Cisco AnyConnect Secure Mobility Client via the Hostscan IPC path traversal. A local authenticated attacker can exploit crafted IPC commands to write or overwrite arbitrary files. Affected: 4.0(.00051) and earlier Hostscan IPC handling (path traversal vulnerability). Impact:...
CVE-2014-8021
CVE-2014-8021 is an XSS vulnerability in Cisco AnyConnect Secure Mobility Client <= 3.1.x and Cisco HostScan Engine
Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(6042) Host Validation Vulnerability
The remote Mac OS X host has a version of Cisco AnyConnect Secure Mobility Client prior to 3.16042. It is, therefore, affected by a vulnerability due to insufficient validation of the type of host which the client is connecting to. An attacker, by tricking users to connect to a malicious host, ca...
Buffer overflow
Buffer overflow in the Active Template Library ATL framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139...
CVE-2013-1130
Cisco AnyConnect Secure Mobility Client on macOS is affected by weak permissions in a library directory (root cause: misconfigured library directory permissions), enabling local privilege escalation via a crafted library file (Bug ID CSCue33619). No patch/version details are provided in the suppl...
CVE-2013-1173
CVE-2013-1173 is a heap-based buffer overflow in ciscod.exe within the Cisco Security Service of Cisco AnyConnect Secure Mobility Client. Exploitation enables local privilege escalation to SYSTEM. Affected: Cisco AnyConnect Secure Mobility Client (Host Scan component) with vulnerable host-scan ha...
CVE-2013-1172
CVE-2013-1172 affects Cisco AnyConnect Secure Mobility Client (VPN Client) via the Host Scan component. The issue arises from how the Cisco Security Service/Host Scan handles messages for file manipulation, failing to verify files properly. This root cause enables a local, unprivileged user with ...
Cisco VPN Client Denial of Service Vulnerability
Cisco VPN Client contains a vulnerability that could allow an authenticated, local attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to improper interaction between the VPN driver and the operating system kernel on a device running the vulnerable...
CVE-2012-3094
The VPN downloader in the downloadinstall component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid...