Anyconnect Secure Mobility Client Security Vulnerabilities and Issues — Page 2 of Anyconnect Secure Mobility Client CVE List

Lucene search

CiscoAnyconnect Secure Mobility Client

69 matches found

CVE•added 2012/08/06 5:55 p.m.•43 views

CVE-2012-2500

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.

4CVSS6.4AI score0.00137EPSS

CVE•added 2021/05/06 1:15 p.m.•43 views

CVE-2021-1430

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute ...

7.8CVSS7.5AI score0.00054EPSS

CVE•added 2012/08/06 3:55 p.m.•42 views

CVE-2012-1370

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.

3.5CVSS6.3AI score0.00473EPSS

CVE•added 2012/06/20 8:55 p.m.•42 views

CVE-2012-2496

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web si...

6.8CVSS7.7AI score0.01113EPSS

CVE•added 2018/01/18 6:29 a.m.•42 views

CVE-2018-0100

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when...

4.4CVSS4.4AI score0.00111EPSS

CVE•added 2021/05/06 1:15 p.m.•41 views

CVE-2021-1496

7.8CVSS7.5AI score0.00147EPSS

CVE•added 2013/04/11 10:55 a.m.•40 views

CVE-2013-1172

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.

6.6CVSS6.6AI score0.0008EPSS

CVE•added 2015/09/26 1:59 a.m.•40 views

CVE-2015-6306

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.

7.2CVSS6.1AI score0.03548EPSS

CVE•added 2021/05/06 1:15 p.m.•40 views

CVE-2021-1428

7.8CVSS7.5AI score0.00054EPSS

CVE•added 2013/11/04 4:55 p.m.•38 views

CVE-2013-5559

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.

6.8CVSS7.7AI score0.01865EPSS

CVE•added 2015/01/14 7:59 p.m.•38 views

CVE-2014-3314

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.

5CVSS7.1AI score0.00354EPSS

CVE•added 2012/08/06 5:55 p.m.•37 views

CVE-2012-2499

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

5.8CVSS6.4AI score0.00137EPSS

CVE•added 2013/09/20 4:55 p.m.•37 views

CVE-2013-1130

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.

6.8CVSS6.7AI score0.00152EPSS

CVE•added 2015/06/04 10:59 a.m.•36 views

CVE-2015-0761

Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.

7.2CVSS6.5AI score0.00122EPSS

CVE•added 2012/09/16 10:34 a.m.•34 views

CVE-2012-3088

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

9.3CVSS6.9AI score0.00484EPSS

CVE•added 2015/02/03 10:59 p.m.•34 views

CVE-2014-8021

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq8014...

4.3CVSS5.7AI score0.00277EPSS

CVE•added 2015/05/29 3:59 p.m.•33 views

CVE-2015-0755

The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.

6.8CVSS6.8AI score0.00055EPSS

CVE•added 2012/09/16 10:34 a.m.•32 views

CVE-2012-3094

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certif...

5CVSS6.3AI score0.00119EPSS

CVE•added 2021/05/06 1:15 p.m.•31 views

CVE-2021-1427

7.8CVSS7.5AI score0.00054EPSS

Total number of security vulnerabilities69