Anyconnect Secure Mobility Client Security Vulnerabilities and Issues — Anyconnect Secure Mobility Client CVE List

Lucene search

CiscoAnyconnect Secure Mobility Client

8 matches found

CVE•added 2012/08/06 5:55 p.m.•187 views

CVE-2012-2498

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

4CVSS6.5AI score0.00103EPSS

CVE•added 2012/06/20 8:55 p.m.•140 views

CVE-2012-2494

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by us...

4.3CVSS6.7AI score0.00198EPSS

CVE•added 2015/03/18 11:59 p.m.•48 views

CVE-2015-0664

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.

4.3CVSS6.6AI score0.00073EPSS

CVE•added 2015/07/29 2:59 p.m.•47 views

CVE-2015-4290

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

4.9CVSS6.2AI score0.00086EPSS

CVE•added 2012/06/20 8:55 p.m.•45 views

CVE-2012-2495

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by usin...

4.3CVSS6.8AI score0.00215EPSS

CVE•added 2012/08/06 5:55 p.m.•43 views

CVE-2012-2500

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.

4CVSS6.4AI score0.00137EPSS

CVE•added 2018/01/18 6:29 a.m.•42 views

CVE-2018-0100

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when...

4.4CVSS4.4AI score0.00111EPSS

CVE•added 2015/02/03 10:59 p.m.•34 views

CVE-2014-8021

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq8014...

4.3CVSS5.7AI score0.00277EPSS