113 matches found
CVE-2012-3094
The CVE-2012-3094 entry concerns Cisco AnyConnect Secure Mobility Client 3.1.x prior to 3.1.00495 on Linux, where the VPN downloader in the download_install component accepts arbitrary X.509 server certificates without user interaction. This root cause enables remote attackers to obtain sensitive...
CVE-2012-3088
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166...
CVE-2012-3088
Cisco AnyConnect Secure Mobility Client 3.1.x (before 3.1.00495) and 3.2.x fails to verify whether an HTTP request contains ScanSafe headers, enabling remote attackers to trigger an unspecified impact via a crafted request (Bug ID CSCua13166). Affected component: AnyConnect client; root cause: la...
Cisco Products ActiveX Control Multiple Vulnerabilities
Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities
Code execution, protection bypass...
Cisco AnyConnect Secure Mobility Client 3.1 < 3.1(495) MiTM
The remote host has a version of Cisco AnyConnect 3.1 prior to 3.1495. As such, it prompts the user to decide whether or not to proceed when an untrusted certificate is seen. Accepting an untrusted certificate could result in a man-in-the-middle attack. C Tenable Network Security, Inc...
CVE-2012-2500
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 is vulnerable to a WebLaunch IPsec certificate name check bypass. The root cause is failure to verify the X.509 certificate name, enabling MITM attackers to spoof servers via a crafted certificate. Impact is interception of WebLaunch se...
CVE-2012-2499
CVE-2012-2499 affects Cisco AnyConnect Secure Mobility Client prior to 3.0.08057. The IPsec implementation fails to verify the certificate name in an X.509 certificate, enabling MITM with a crafted certificate and potential server spoofing. Root cause: missing certificate-name validation for IPse...
CVE-2012-2498
CVE-2012-2498 affects Cisco AnyConnect Secure Mobility Client 3.0–3.0.08066, where authentication may accept crafted certificates, allowing user-assisted or unauthenticated MITM to spoof servers due to insufficient certificate validation (Bug CSCtz29197). Cisco issued the advisory Cisco-SA-201208...
CVE-2012-1370
Cisco AnyConnect Secure Mobility Client 3.0 is affected by CVE-2012-1370 when using versions before 3.0.08057. The issue allows remote authenticated users to cause a denial of service by sending a crafted packet that crashes the vpnagentd process (Bug ID CSCty01670). The connected documents consi...
MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities
The remote host has a version of Cisco AnyConnect 2.5 MR6 / 3.0 MR8. Such versions are potentially affected by multiple vulnerabilities : - The WebLaunch VPN downloader implementation does not properly validate binaries that are received, which can allow remote attackers to execute arbitrary code...
MacOSX Cisco AnyConnect Secure Mobility Client Detection
Cisco AnyConnect Secure Mobility Client formerly known as Cisco AnyConnect VPN Client is installed on the remote host. This software can be used for secure connectivity. TRUSTED...
Cisco AnyConnect Secure Mobility Client VPN Downloader RCE (cisco-sa-20120620-ac)
The remote host has a version of Cisco AnyConnect 2.5 MR6. Such versions are potentially affected by an arbitrary code execution vulnerability. The WebLaunch VPN downloader implementation does not properly validate binaries that are received, which can allow remote attackers to execute arbitrary...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Advisory ID: cisco-sa-20120620-ac Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT +--------------------------------------------------------------------- Summary ======= T...
CVE-2012-2493
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows...
Code injection
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...
Code injection
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...
CVE-2012-2495
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...
CVE-2012-2495
Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 are affected by CVE-2012-2495 due to the HostScan downloader not comparing the timestamp of offered software to the installed version, enabling remote downgrade via ActiveX or Java components. Root...
CVE-2012-2496
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web...