98 matches found
EUVD-2015-0768
Malware in sbrugna...
EUVD-2015-0676
Malware in sbrugna...
CVE-2023-20178
CVE-2023-20178 affects Cisco AnyConnect Secure Mobility Client for Windows and Cisco Secure Client for Windows. The issue arises in the client update process after a VPN connection, where improper permissions on a temporary directory created during the update could allow a low-privileged, authent...
Vulnerability fixed in Cisco Anyconnect Secure Mobility Client and Secure Client
Cisco has fixed a vulnerability in Anyconnect Secure Mobility Client and Secure Client for windows. A local, authenticated malicious party could exploit the vulnerability to grant themselves elevated privileges and execute arbitrary code execute code with privileges from SYSTEM. Cisco has release...
Cisco AnyConnect Secure Mobility Client Installed (Linux)
Binary data ciscoanyconnectclientnixinstalled.nbin...
Cisco AnyConnect Secure Mobility Client for Windows with VPN Posture (HostScan) Module DLL Hijacking Vulnerability (cisco-sa-anyconnect-pos-dll-ff8j6dFv)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-anyconnect-pos-dll-ff8j6dFv advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
Cisco AnyConnect Secure Mobility Client Input Validation Error Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows is a Windows-based secure mobility client from Cisco that provides secure access to networks and applications from any device. An input validation error vulnerability exists in the interprocess communication IPC channel of Cisco AnyConnect Secur...
Information disclosure
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...
Information disclosure
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execut...
CVE-2021-1496
Cisco AnyConnect Secure Mobility Client for Windows is affected by DLL and executable hijacking vulnerabilities in the install, uninstall, and upgrade processes (CVE-2021-1496). An authenticated, local attacker with valid Windows credentials could hijack DLL or executables used by the client to e...
Vulnerability fixed in Cisco AnyConnect Secure Mobility Client
A vulnerability in the IPC channel of Cisco AnyConnect Secure Mobility Client, an authenticated, local attacker can cause a Denial-of-Service DoS exploit on an affected device. To exploit this security vulnerability, the attacker must have have valid login credentials on the device. Cisco has...
CVE-2021-1450
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials ...
CVE-2021-1450
The CVE-2021-1450 issue affects Cisco AnyConnect Secure Mobility Client. A vulnerability in the IPC channel allows an authenticated, local attacker to cause a DoS on an affected device by sending crafted IPC messages to the AnyConnect process. The root cause is insufficient validation of user-sup...
Cisco AnyConnect Secure Mobility Client Denial of Service Vulnerability
A vulnerability in the interprocess communication IPC channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service DoS condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials ...
Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability (cisco-sa-anyconnect-fileread-PbHbgHMj)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cisco-sa-anyconnect-fileread-PbHbgHMj advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
High-Severity Cisco Flaw Found in CMX Software For Retailers
A high-severity flaw in Cisco’s smart Wi-Fi solution for retailers could allow a remote attacker to alter the password of any account user on affected systems. The vulnerability is part of a number of patches issued by Cisco addressing 67 high-severity CVEs on Wednesday. This included flaws found...
CVE-2021-1258 Cisco AnyConnect Secure Mobility Client Arbitrary File Read Vulnerability
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system OS of an affected device. The vulnerability is due to insufficient file permission...
CVE-2021-1237
Cisco AnyConnect Secure Mobility Client for Windows is affected by CVE-2021-1237 in the Network Access Manager and Web Security Agent components. The issue stems from insufficient validation of runtime-loaded resources, enabling an authenticated, local attacker with valid Windows credentials to c...
CVE-2020-3556
CVE-2020-3556 affects Cisco AnyConnect Secure Mobility Client (Windows/macOS/Linux). The IPC listener lacks authentication, allowing a local, authenticated attacker to send crafted IPC messages to cause the targeted user to execute a script with the user’s privileges. Exploitation requires an ong...
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows, macOS and Linux versions of its AnyConnect Secure Mobility Client Software. While Cisco said it is not aware of any exploits in the wild for the vulnerability, it said Proof-of-Concept PoC exploit...