Lucene search
K

112 matches found

CVE
CVE
added 2015/06/24 10:0 a.m.71 views

CVE-2015-4211

Cisco AnyConnect Secure Mobility Client on Windows has a local privilege escalation via path validation failure in the vpndownloader launcher (CMainThread::launchDownloader). A crafted DLL load path (DLL planting) and the downloader’s location bypass the intended checks, enabling a local user to ...

7.2CVSS6.3AI score0.00414EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2015/06/15 12:0 a.m.37 views

Cisco AnyConnect Secure Mobility Client Remote Command Execution

!-- Cisco AnyConnect Secure Mobility Client Remote Command Execution Vendor: Cisco Systems, Inc. Product web page: http://www.cisco.com Affected version: 2.x 3.0 3.0.0A90 3.1.0472 3.1.05187 3.1.06073 3.1.06078 3.1.06079 3.1.07021 3.1.08009 4.0.00013 4.0.00048 4.0.00051 4.0.02052 4.0.00057...

0.3AI score
Exploits0
NVD
NVD
added 2015/06/04 10:59 a.m.19 views

CVE-2015-0761

Cisco AnyConnect Secure Mobility Client before 3.18009 and 4.x before 4.02052 on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790...

7.2CVSS6.3AI score0.00417EPSS
Exploits0References3
CVE
CVE
added 2015/06/04 10:0 a.m.48 views

CVE-2015-0761

Cisco AnyConnect Secure Mobility Client for Linux (Linux builds affected: before 3.1(8009) and before 4.0(2052)) contains a local privilege escalation due to improper implementation of internal functions, allowing an authenticated, local attacker to obtain root privileges by crafting vpnagent opt...

7.2CVSS6.5AI score0.00417EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2015/05/29 3:59 p.m.23 views

Design/Logic Flaw

The Posture module for Cisco Identity Services Engine ISE, as distributed in Cisco AnyConnect Secure Mobility Client 4.064, allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797...

6.8CVSS7.1AI score0.00325EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2015/05/29 3:0 p.m.27 views

CVE-2015-0755

The Posture module for Cisco Identity Services Engine ISE, as distributed in Cisco AnyConnect Secure Mobility Client 4.064, allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797...

6.6AI score0.00325EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/03/20 12:0 a.m.36 views

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4014.0 / 4.1.x < 4.1.4011.0 Code Execution Vulnerability

The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4014.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to install software as...

7.2CVSS5.9AI score0.00371EPSS
Exploits0References2
CVE
CVE
added 2015/03/18 11:0 p.m.60 views

CVE-2015-0664

Cisco AnyConnect Secure Mobility Client (affected: 4.0(.00051) and earlier) contains an IPC channel vulnerability (CVE-2015-0664) that allows a local attacker to write to arbitrary user-space memory and escalate privileges via specially crafted IPC messages. Multiple Nessus/Cisco advisories reite...

4.3CVSS6.6AI score0.00317EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2015/03/18 12:0 a.m.3 views

Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. The Cisco AnyConnect Secure Mobility Client has a security vulnerability in inter-process communication IPC that allows a local attacker to write and overwrite arbitrary files with elevated privileges...

6.6CVSS6.9AI score0.00336EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/03/17 1:0 a.m.30 views

CVE-2015-0665

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0.00051 and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173...

6.2AI score0.00386EPSS
Exploits0References2
CVE
CVE
added 2015/03/17 1:0 a.m.57 views

CVE-2015-0663

The CVE-2015-0663 entry covers Cisco AnyConnect Secure Mobility Client IPC access control weakness. Affected software: Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier. Vulnerability: improper access control for IPC messages that allows a local, authenticated/at least local user to...

6.6CVSS6.5AI score0.00336EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/03/17 1:0 a.m.66 views

CVE-2015-0665

CVE-2015-0665 affects Cisco AnyConnect Secure Mobility Client via the Hostscan IPC path traversal. A local authenticated attacker can exploit crafted IPC commands to write or overwrite arbitrary files. Affected: 4.0(.00051) and earlier Hostscan IPC handling (path traversal vulnerability). Impact:...

6.6CVSS6.5AI score0.00386EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2015/02/03 10:0 p.m.45 views

CVE-2014-8021

CVE-2014-8021 is an XSS vulnerability in Cisco AnyConnect Secure Mobility Client &lt;= 3.1.x and Cisco HostScan Engine

4.3CVSS5.7AI score0.01792EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/01/20 12:0 a.m.32 views

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(6042) Host Validation Vulnerability

The remote Mac OS X host has a version of Cisco AnyConnect Secure Mobility Client prior to 3.16042. It is, therefore, affected by a vulnerability due to insufficient validation of the type of host which the client is connecting to. An attacker, by tricking users to connect to a malicious host, ca...

5CVSS5.6AI score0.01086EPSS
Exploits0References3
Prion
Prion
added 2013/11/04 4:55 p.m.19 views

Buffer overflow

Buffer overflow in the Active Template Library ATL framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139...

6.8CVSS8.2AI score0.02031EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/20 4:0 p.m.50 views

CVE-2013-1130

Cisco AnyConnect Secure Mobility Client on macOS is affected by weak permissions in a library directory (root cause: misconfigured library directory permissions), enabling local privilege escalation via a crafted library file (Bug ID CSCue33619). No patch/version details are provided in the suppl...

6.8CVSS6.7AI score0.0055EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/04/11 10:0 a.m.70 views

CVE-2013-1173

CVE-2013-1173 is a heap-based buffer overflow in ciscod.exe within the Cisco Security Service of Cisco AnyConnect Secure Mobility Client. Exploitation enables local privilege escalation to SYSTEM. Affected: Cisco AnyConnect Secure Mobility Client (Host Scan component) with vulnerable host-scan ha...

6.6CVSS7.1AI score0.00294EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/04/11 10:0 a.m.53 views

CVE-2013-1172

CVE-2013-1172 affects Cisco AnyConnect Secure Mobility Client (VPN Client) via the Host Scan component. The issue arises from how the Cisco Security Service/Host Scan handles messages for file manipulation, failing to verify files properly. This root cause enables a local, unprivileged user with ...

6.6CVSS6.6AI score0.00326EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2013/01/22 4:47 p.m.18 views

Cisco VPN Client Denial of Service Vulnerability

Cisco VPN Client contains a vulnerability that could allow an authenticated, local attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to improper interaction between the VPN driver and the operating system kernel on a device running the vulnerable...

4.6CVSS1.6AI score0.00312EPSS
Exploits0References1
NVD
NVD
added 2012/09/16 10:34 a.m.25 views

CVE-2012-3094

The VPN downloader in the downloadinstall component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid...

5CVSS6.2AI score0.01015EPSS
Exploits0References2
Rows per page
Query Builder