113 matches found
CVE-2015-0761
Cisco AnyConnect Secure Mobility Client before 3.18009 and 4.x before 4.02052 on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790...
CVE-2015-0761
Cisco AnyConnect Secure Mobility Client for Linux (Linux builds affected: before 3.1(8009) and before 4.0(2052)) contains a local privilege escalation due to improper implementation of internal functions, allowing an authenticated, local attacker to obtain root privileges by crafting vpnagent opt...
Design/Logic Flaw
The Posture module for Cisco Identity Services Engine ISE, as distributed in Cisco AnyConnect Secure Mobility Client 4.064, allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797...
CVE-2015-0755
The Posture module for Cisco Identity Services Engine ISE, as distributed in Cisco AnyConnect Secure Mobility Client 4.064, allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797...
Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1.10010.0 / 4.0.x < 4.0.4014.0 / 4.1.x < 4.1.4011.0 Code Execution Vulnerability
The Cisco AnyConnect Secure Mobility Client installed on the remote Mac OS X host is a version prior to 3.1.10010.0, or is version 4.0.x prior to 4.0.4014.0, or version 4.1.x prior to 4.1.4011.0. It is, therefore, affected by a flaw that allows unauthenticated IPC commands to install software as...
CVE-2015-0664
Cisco AnyConnect Secure Mobility Client (affected: 4.0(.00051) and earlier) contains an IPC channel vulnerability (CVE-2015-0664) that allows a local attacker to write to arbitrary user-space memory and escalate privileges via specially crafted IPC messages. Multiple Nessus/Cisco advisories reite...
Cisco AnyConnect Secure Mobility Client Arbitrary File Write Vulnerability
The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. The Cisco AnyConnect Secure Mobility Client has a security vulnerability in inter-process communication IPC that allows a local attacker to write and overwrite arbitrary files with elevated privileges...
CVE-2015-0665
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0.00051 and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173...
CVE-2015-0663
The CVE-2015-0663 entry covers Cisco AnyConnect Secure Mobility Client IPC access control weakness. Affected software: Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier. Vulnerability: improper access control for IPC messages that allows a local, authenticated/at least local user to...
CVE-2015-0665
CVE-2015-0665 affects Cisco AnyConnect Secure Mobility Client via the Hostscan IPC path traversal. A local authenticated attacker can exploit crafted IPC commands to write or overwrite arbitrary files. Affected: 4.0(.00051) and earlier Hostscan IPC handling (path traversal vulnerability). Impact:...
CVE-2014-8021
CVE-2014-8021 is an XSS vulnerability in Cisco AnyConnect Secure Mobility Client <= 3.1.x and Cisco HostScan Engine
Mac OS X : Cisco AnyConnect Secure Mobility Client < 3.1(6042) Host Validation Vulnerability
The remote Mac OS X host has a version of Cisco AnyConnect Secure Mobility Client prior to 3.16042. It is, therefore, affected by a vulnerability due to insufficient validation of the type of host which the client is connecting to. An attacker, by tricking users to connect to a malicious host, ca...
Mac OS X : Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.0(629) Multiple Vulnerabilities
The remote host has a version of Cisco AnyConnect 2.x or 3.x prior to 3.0629 and is, therefore, affected by the following vulnerabilities : - When the client is obtained from the VPN headend using a web browser, a helper application performs the download and installation. This helper application...
Buffer overflow
Buffer overflow in the Active Template Library ATL framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139...
CVE-2013-1130
Cisco AnyConnect Secure Mobility Client on macOS is affected by weak permissions in a library directory (root cause: misconfigured library directory permissions), enabling local privilege escalation via a crafted library file (Bug ID CSCue33619). No patch/version details are provided in the suppl...
CVE-2013-1172
CVE-2013-1172 affects Cisco AnyConnect Secure Mobility Client (VPN Client) via the Host Scan component. The issue arises from how the Cisco Security Service/Host Scan handles messages for file manipulation, failing to verify files properly. This root cause enables a local, unprivileged user with ...
CVE-2013-1173
CVE-2013-1173 is a heap-based buffer overflow in ciscod.exe within the Cisco Security Service of Cisco AnyConnect Secure Mobility Client. Exploitation enables local privilege escalation to SYSTEM. Affected: Cisco AnyConnect Secure Mobility Client (Host Scan component) with vulnerable host-scan ha...
Cisco VPN Client Denial of Service Vulnerability
Cisco VPN Client contains a vulnerability that could allow an authenticated, local attacker to cause a denial of service DoS condition on a targeted system. The vulnerability is due to improper interaction between the VPN driver and the operating system kernel on a device running the vulnerable...
CVE-2012-3094
The VPN downloader in the downloadinstall component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid...
CVE-2012-3088
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166...