Anyconnect Secure Mobility Client@3.0 Security Vulnerabilities and Issues — Anyconnect Secure Mobility Client@3.0 CVE List

Lucene search

CiscoAnyconnect Secure Mobility Client3.0

8 matches found

CVE•added 2012/08/06 5:55 p.m.•187 views

CVE-2012-2498

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

4CVSS6.5AI score0.00103EPSS

CVE•added 2012/06/20 8:55 p.m.•140 views

CVE-2012-2494

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by us...

4.3CVSS6.7AI score0.00198EPSS

CVE•added 2012/06/20 8:55 p.m.•48 views

CVE-2012-2493

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows rem...

9.3CVSS7.6AI score0.01576EPSS

CVE•added 2012/06/20 8:55 p.m.•45 views

CVE-2012-2495

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by usin...

4.3CVSS6.8AI score0.00215EPSS

CVE•added 2012/08/06 5:55 p.m.•43 views

CVE-2012-2500

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.

4CVSS6.4AI score0.00137EPSS

CVE•added 2012/08/06 3:55 p.m.•42 views

CVE-2012-1370

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.

3.5CVSS6.3AI score0.00473EPSS

CVE•added 2012/06/20 8:55 p.m.•42 views

CVE-2012-2496

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web si...

6.8CVSS7.7AI score0.01113EPSS

CVE•added 2012/08/06 5:55 p.m.•37 views

CVE-2012-2499

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

5.8CVSS6.4AI score0.00137EPSS