Lucene search
K

113 matches found

CNVD
CNVD
added 2016/08/25 12:0 a.m.4 views

Cisco AnyConnect Secure Mobility Client Local Elevation of Privilege Vulnerability

Cisco AnyConnect Secure Mobility Client is a secure mobility client from Cisco that provides secure access to networks and applications from any device. A local elevation of privilege vulnerability exists in Cisco AnyConnect Secure Mobility Client versions prior to 4.2.05015 and 4.3.02039. A loca...

7.8CVSS7.5AI score0.00392EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/01/22 12:0 a.m.196 views

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x8664 Montgomery...

7.5CVSS6.9AI score0.44016EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2016/01/22 12:0 a.m.125 views

Cisco AnyConnect Secure Mobility Client < 3.1.13015.0 / 4.2.x < 4.2.1035.0 Multiple OpenSSL Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.13015.0 or 4.2.x prior to 4.2.1035.0. It is, therefore, affected by multiple vulnerabilities in the bundled version of OpenSSL : - A carry propagating flaw exists in the x8664 Montgomery squaring...

7.5CVSS6.9AI score0.44016EPSS
Exploits1References7
CVE
CVE
added 2015/10/12 10:0 a.m.69 views

CVE-2015-6322

CVE-2015-6322 affects Cisco AnyConnect Secure Mobility Client IPC channel. The vulnerability arises from missing source-path validation in IPC commands, allowing a local attacker to bypass access restrictions and move arbitrary files with elevated privileges. Affected products include AnyConnect ...

6.6CVSS6.6AI score0.00383EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/09/26 1:59 a.m.28 views

CVE-2015-6306

Cisco AnyConnect Secure Mobility Client 4.18 on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947...

7.2CVSS6AI score0.01048EPSS
Exploits3References7
CVE
CVE
added 2015/09/25 1:0 a.m.78 views

CVE-2015-6305

CVE-2015-6305 affects Cisco AnyConnect Secure Mobility Client for Windows (versions 2.0–4.1). The issue arises from untrusted search path handling in vpndownloader.exe’s CMainThread::launchDownloader, enabling a local attacker with valid credentials to plant a malicious DLL in the current working...

7.2CVSS6.4AI score0.01202EPSS
Exploits3References6Affected Software1
CVE
CVE
added 2015/09/25 1:0 a.m.59 views

CVE-2015-6306

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux is affected by an elevation-of-privilege vulnerability (CVE-2015-6306) due to not verifying pathnames before installation actions, enabling local users to obtain root privileges via a crafted installation file. Public writeups descr...

7.2CVSS6.1AI score0.01048EPSS
Exploits3References7Affected Software1
exploitpack
exploitpack
added 2015/09/23 12:0 a.m.22 views

Cisco AnyConnect 3.1.08009 - Local Privilege Escalation (via DMG Install Script)

Cisco AnyConnect 3.1.08009 - Local Privilege Escalation via DMG Install Script / Cisco AnyConnect elevation of privileges via DMG install script - proof of concept Yorick Koster, July 2015 https://securify.nl/advisory/SFY20150701/ciscoanyconnectelevationofprivilegesviadmginstallscript.html based ...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/19 12:0 a.m.33 views

Cisco AnyConnect Secure Mobility Client 3.x < 3.1.10010.0 / 4.x < 4.1.4011.0 Arbitrary File Write

The Cisco AnyConnect Secure Mobility Client installed on the remote host is version 3.x prior to 3.1.10010.0 or 4.x prior to 4.1.4011.0. It is, therefore, affected by a flaw due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this issue, by...

6.4CVSS5.8AI score0.01927EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/07 12:0 a.m.22 views

Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4013.0 / 4.1.x < 4.1.4011.0 IPC File Write Vulnerability

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4013.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to write files. A local,...

6.6CVSS5.7AI score0.00336EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/07 12:0 a.m.33 views

Cisco AnyConnect Secure Mobility Client < 3.1.8009.0 / 4.0.x < 4.0.2052.0 / 4.1.x < 4.1.28.0 Multiple Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote host is a version prior to 3.1.8009.0, or is version 4.0.x prior to 4.0.2052.0, or version 4.1.x prior to 4.1.28.0. It is, therefore, affected by the following vulnerabilities : - A flaw exists due to not sanitizing the input of...

6.6CVSS6AI score0.00386EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/08/07 12:0 a.m.27 views

Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.8009.0 / 4.0.x < 4.0.2052.0 / 4.1.x < 4.1.28.0 Multiple Vulnerabilities

The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.8009.0, or is version 4.0.x prior to 4.0.2052.0, or version 4.1.x prior to 4.1.28.0. It is, therefore, affected by the following vulnerabilities : - A flaw exists due to not sanitizing the...

6.6CVSS6AI score0.00386EPSS
Exploits0References4
CVE
CVE
added 2015/08/01 1:0 a.m.68 views

CVE-2015-4289

Cisco AnyConnect Secure Mobility Client 4.0(2049) is affected by a directory traversal vulnerability that allows an unauthenticated head-end to craft attributes and cause the client to write arbitrary files in the active user’s context. The issue stems from insufficient input validation during co...

6.4CVSS6.8AI score0.01927EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2015/07/29 2:59 p.m.21 views

CVE-2015-4290

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.02049 on OS X allows local users to cause a denial of service panic via vectors involving contiguous memory locations, aka Bug ID CSCut12255...

4.9CVSS6AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/29 2:0 p.m.21 views

CVE-2015-4290

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.02049 on OS X allows local users to cause a denial of service panic via vectors involving contiguous memory locations, aka Bug ID CSCut12255...

6AI score0.00292EPSS
Exploits0References2
CNVD
CNVD
added 2015/06/26 12:0 a.m.4 views

Cisco AnyConnect Secure Mobility Client Privilege Setting Vulnerability

The Cisco AnyConnect Secure Mobility Client is a suite of devices that enable remote users to securely connect to the Cisco ASA 5500 appliance via SSL VPN. A security vulnerability in the handling of pathnames in the Cisco AnyConnect Secure Mobility Client for Windows-based platforms allows a loc...

7.2CVSS6.6AI score0.00414EPSS
Exploits2References1
CVE
CVE
added 2015/06/24 10:0 a.m.72 views

CVE-2015-4211

Cisco AnyConnect Secure Mobility Client on Windows has a local privilege escalation via path validation failure in the vpndownloader launcher (CMainThread::launchDownloader). A crafted DLL load path (DLL planting) and the downloader’s location bypass the intended checks, enabling a local user to ...

7.2CVSS6.3AI score0.00414EPSS
Exploits2References3Affected Software1
0day.today
0day.today
added 2015/06/16 12:0 a.m.68 views

Cisco AnyConnect Secure Mobility 2.x, 3.x, 4.x - Client DoS PoC

Cisco AnyConnect Secure Mobility Client VPN API suffers from a stack buffer overflow vulnerability when parsing large amount of bytes to the 'strHostNameOrAddress' parameter in 'ConnectVpn' function which resides in the vpnapi.dll library, resulting in memory corruption and overflow of the stack...

8.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/06/15 12:0 a.m.37 views

Cisco AnyConnect Secure Mobility Client Remote Command Execution

!-- Cisco AnyConnect Secure Mobility Client Remote Command Execution Vendor: Cisco Systems, Inc. Product web page: http://www.cisco.com Affected version: 2.x 3.0 3.0.0A90 3.1.0472 3.1.05187 3.1.06073 3.1.06078 3.1.06079 3.1.07021 3.1.08009 4.0.00013 4.0.00048 4.0.00051 4.0.02052 4.0.00057...

0.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2015/06/13 12:0 a.m.55 views

Cisco AnyConnect Secure Mobility Client Remote Command Execution

Summary Cisco AnyConnect Secure Mobility Solution empowers your employees to work from anywhere, on corporate laptops as well as personal mobile devices, regardless of physical location. It provides the security necessary to help keep your organization’s data safe and protected. Description The...

6.3AI score
Exploits0
Rows per page
Query Builder