Lucene search
+L

113 matches found

cve
cve
added 2012/09/16 10:0 a.m.44 views

CVE-2012-3094

The CVE-2012-3094 entry concerns Cisco AnyConnect Secure Mobility Client 3.1.x prior to 3.1.00495 on Linux, where the VPN downloader in the download_install component accepts arbitrary X.509 server certificates without user interaction. This root cause enables remote attackers to obtain sensitive...

5CVSS6.3AI score0.01015EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2012/09/16 10:0 a.m.25 views

CVE-2012-3088

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166...

6.7AI score0.01783EPSS
Exploits0References2
cve
cve
added 2012/09/16 10:0 a.m.51 views

CVE-2012-3088

Cisco AnyConnect Secure Mobility Client 3.1.x (before 3.1.00495) and 3.2.x fails to verify whether an HTTP request contains ScanSafe headers, enabling remote attackers to trigger an unspecified impact via a crafted request (Bug ID CSCua13166). Affected component: AnyConnect client; root cause: la...

9.3CVSS6.9AI score0.01783EPSS
Exploits0References2Affected Software1
openvas
openvas
added 2012/09/12 12:0 a.m.30 views

Cisco Products ActiveX Control Multiple Vulnerabilities

Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

9.3CVSS6.4AI score0.03885EPSS
Exploits0References8
securityvulns
securityvulns
added 2012/08/27 12:0 a.m.90 views

Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities

Code execution, protection bypass...

9.3CVSS2.5AI score0.04637EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2012/08/13 12:0 a.m.40 views

Cisco AnyConnect Secure Mobility Client 3.1 < 3.1(495) MiTM

The remote host has a version of Cisco AnyConnect 3.1 prior to 3.1495. As such, it prompts the user to decide whether or not to proceed when an untrusted certificate is seen. Accepting an untrusted certificate could result in a man-in-the-middle attack. C Tenable Network Security, Inc...

4CVSS5.5AI score0.00482EPSS
Exploits0References2
cve
cve
added 2012/08/06 5:0 p.m.55 views

CVE-2012-2500

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 is vulnerable to a WebLaunch IPsec certificate name check bypass. The root cause is failure to verify the X.509 certificate name, enabling MITM attackers to spoof servers via a crafted certificate. Impact is interception of WebLaunch se...

4CVSS6.4AI score0.00463EPSS
Exploits0References1Affected Software1
cve
cve
added 2012/08/06 5:0 p.m.51 views

CVE-2012-2499

CVE-2012-2499 affects Cisco AnyConnect Secure Mobility Client prior to 3.0.08057. The IPsec implementation fails to verify the certificate name in an X.509 certificate, enabling MITM with a crafted certificate and potential server spoofing. Root cause: missing certificate-name validation for IPse...

5.8CVSS6.4AI score0.00527EPSS
Exploits0References1Affected Software1
cve
cve
added 2012/08/06 5:0 p.m.203 views

CVE-2012-2498

CVE-2012-2498 affects Cisco AnyConnect Secure Mobility Client 3.0–3.0.08066, where authentication may accept crafted certificates, allowing user-assisted or unauthenticated MITM to spoof servers due to insufficient certificate validation (Bug CSCtz29197). Cisco issued the advisory Cisco-SA-201208...

4CVSS6.5AI score0.00482EPSS
Exploits0References1Affected Software1
cve
cve
added 2012/08/06 3:0 p.m.55 views

CVE-2012-1370

Cisco AnyConnect Secure Mobility Client 3.0 is affected by CVE-2012-1370 when using versions before 3.0.08057. The issue allows remote authenticated users to cause a denial of service by sending a crafted packet that crashes the vpnagentd process (Bug ID CSCty01670). The connected documents consi...

3.5CVSS6.3AI score0.01052EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2012/07/02 12:0 a.m.27 views

MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities

The remote host has a version of Cisco AnyConnect 2.5 MR6 / 3.0 MR8. Such versions are potentially affected by multiple vulnerabilities : - The WebLaunch VPN downloader implementation does not properly validate binaries that are received, which can allow remote attackers to execute arbitrary code...

9.3CVSS6AI score0.03885EPSS
Exploits0References8
nessus
nessus
added 2012/07/02 12:0 a.m.30 views

MacOSX Cisco AnyConnect Secure Mobility Client Detection

Cisco AnyConnect Secure Mobility Client formerly known as Cisco AnyConnect VPN Client is installed on the remote host. This software can be used for secure connectivity. TRUSTED...

5.5AI score
Exploits0References1
nessus
nessus
added 2012/07/02 12:0 a.m.41 views

Cisco AnyConnect Secure Mobility Client VPN Downloader RCE (cisco-sa-20120620-ac)

The remote host has a version of Cisco AnyConnect 2.5 MR6. Such versions are potentially affected by an arbitrary code execution vulnerability. The WebLaunch VPN downloader implementation does not properly validate binaries that are received, which can allow remote attackers to execute arbitrary...

9.3CVSS6AI score0.03885EPSS
Exploits0References4
securityvulns
securityvulns
added 2012/06/25 12:0 a.m.64 views

Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Advisory ID: cisco-sa-20120620-ac Revision 1.0 For Public Release 2012 June 20 16:00 UTC GMT +--------------------------------------------------------------------- Summary ======= T...

1AI score
Exploits0
nvd
nvd
added 2012/06/20 8:55 p.m.27 views

CVE-2012-2493

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows...

9.3CVSS7.4AI score0.03885EPSS
Exploits0References1
prion
prion
added 2012/06/20 8:55 p.m.25 views

Code injection

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...

4.3CVSS7.2AI score0.01401EPSS
Exploits0References1Affected Software2
prion
prion
added 2012/06/20 8:55 p.m.22 views

Code injection

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...

4.3CVSS7.2AI score0.01401EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2012/06/20 8:0 p.m.34 views

CVE-2012-2495

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by...

6.6AI score0.01401EPSS
Exploits0References1
cve
cve
added 2012/06/20 8:0 p.m.64 views

CVE-2012-2495

Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 are affected by CVE-2012-2495 due to the HostScan downloader not comparing the timestamp of offered software to the installed version, enabling remote downgrade via ActiveX or Java components. Root...

4.3CVSS6.8AI score0.01401EPSS
Exploits0References1Affected Software2
cvelist
cvelist
added 2012/06/20 8:0 p.m.28 views

CVE-2012-2496

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web...

7.4AI score0.02035EPSS
Exploits0References1
Rows per page
Query Builder