112 matches found
EUVD-2015-0768
Malware in sbrugna...
EUVD-2015-0676
Malware in sbrugna...
EUVD-2016-7483
Malware in sbrugna...
CVE-2023-20240
Cisco Secure Client Software (formerly AnyConnect Secure Mobility Client) contains CVE-2023-20240: multiple DoS vulnerabilities caused by an out-of-bounds memory read. An authenticated, local attacker on a multi-user system can log in alongside another user, craft packets to a local port, and cra...
CVE-2023-20178
CVE-2023-20178 affects Cisco AnyConnect Secure Mobility Client for Windows and Cisco Secure Client for Windows. The issue arises in the client update process after a VPN connection, where improper permissions on a temporary directory created during the update could allow a low-privileged, authent...
Vulnerability fixed in Cisco Anyconnect Secure Mobility Client and Secure Client
Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client and Secure Client for windows. A local, authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code execute code with privileges from SYSTEM. Cisco has release...
Cisco AnyConnect Secure Mobility Client Installed (Linux)
Binary data ciscoanyconnectclientnixinstalled.nbin...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
Cisco has fixed a vulnerability in AnyConnect Secure Mobility Client. A local malicious agent could potentially exploit it to execute arbitrary code under SYSTEM privileges. Only clients on which the VPN Posture HostScan Module is installed are vulnerable. Cisco has released updates to fix the...
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability (cisco-sa-anyconnect-pos-dll-ff8j6dFv)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-anyconnect-pos-dll-ff8j6dFv advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
Cisco AnyConnect Secure Mobility Client Input Validation Error Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. An input validation error vulnerability exists in the interprocess communication IPC channel of Cisco AnyConnect Secur...
Information disclosure
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...
Information disclosure
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...
CVE-2021-1496
Cisco AnyConnect Secure Mobility Client for Windows is affected by DLL and executable hijacking vulnerabilities in the install, uninstall, and upgrade processes (CVE-2021-1496). An authenticated, local attacker with valid Windows credentials could hijack DLL or executables used by the client to e...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
A vulnerability in the IPC channel of Cisco AnyConnect Secure Mobility Client, an authenticated, local attacker can cause a Denial-of-Service DoS exploit on an affected device. To exploit this security vulnerability, the attacker must have have valid login credentials on the device. Cisco has...
CVE-2021-1450
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials ...
CVE-2021-1450
The CVE-2021-1450 issue affects Cisco AnyConnect Secure Mobility Client. A vulnerability in the IPC channel allows an authenticated, local attacker to cause a DoS on an affected device by sending crafted IPC messages to the AnyConnect process. The root cause is insufficient validation of user-sup...
Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials ...
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability (cisco-sa-anyconnect-fileread-PbHbgHMj)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-anyconnect-fileread-PbHbgHMj advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
High-Severity Cisco Flaw Found in CMX Software For Retailers
A high-severity flaw in Cisco’s smart Wi-Fi solution for retailers could allow a remote attacker to alter the password of any account user on affected systems. The vulnerability is part of a number of patches issued by Cisco addressing 67 high-severity CVEs on Wednesday. This included flaws found...
CVE-2021-1258 Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to insufficient file permission...