Lucene search
K
CiscoSecure Desktop

13 matches found

CVE
CVE
added 2010/02/03 6:0 p.m.72 views

CVE-2010-0440

The CVE-2010-0440 issue is a Cross-Site Scripting (XSS) vulnerability in Cisco Secure Desktop (CSCOT) translation path. Affects Cisco Secure Desktop 3.4.2048 and earlier than 3.5, and is also implicated in Cisco ASA appliances running before 8.2(1), 8.1(2.7), and 8.0(5). The root cause is imprope...

4.3CVSS5.6AI score0.04364EPSS
Web
CVE
CVE
added 2012/09/24 5:0 p.m.66 views

CVE-2012-4655

The CVE-2012-4655 issue affects Cisco Secure Desktop’s WebLaunch downloader: binaries received by the downloader process are not properly validated, allowing remote arbitrary code execution via ActiveX or Java components. Affected product/versions include Cisco Secure Desktop before 3.6.6020 (per...

9.3CVSS7.8AI score0.04637EPSS
CVE
CVE
added 2012/06/20 8:0 p.m.60 views

CVE-2012-2495

Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 are affected by CVE-2012-2495 due to the HostScan downloader not comparing the timestamp of offered software to the installed version, enabling remote downgrade via ActiveX or Java components. Root...

4.3CVSS6.8AI score0.01401EPSS
CVE
CVE
added 2015/04/17 1:0 a.m.60 views

CVE-2015-0691

CVE-2015-0691 concerns Cisco Secure Desktop (CSD) Cache Cleaner, where a Cisco-signed Java Archive (JAR) in the Cache Cleaner component could allow an unauthenticated, remote attacker to execute arbitrary commands via a crafted web site (Bug CSCup83001). The issue: code execution via the signed J...

9.3CVSS7.7AI score0.03074EPSS
CVE
CVE
added 2006/10/18 7:0 p.m.58 views

CVE-2006-5394

The CVE-2006-5394 issue affects Cisco Secure Desktop (CSD) where the default configuration leaves the "Disable printing" option unchecked in Secure Desktop Settings. This could allow local users to read data sent to a printer during another user’s SSL VPN session. The vulnerability originates fro...

2.1CVSS6.2AI score0.00315EPSS
CVE
CVE
added 2011/02/25 5:0 p.m.55 views

CVE-2011-0926

Cisco Secure Desktop (CSD) 3.x is affected by CVE-2011-0926 due to the CSDWebInstaller.ocx ActiveX control not properly validating the signature of a downloaded program during installation, enabling remote code execution by spoofing the CSD installation process. Exploitation details are described...

9.3CVSS7.4AI score0.06812EPSS
CVE
CVE
added 2010/04/15 5:0 p.m.52 views

CVE-2010-0589

CVE-2010-0589 affects Cisco Secure Desktop prior to version 3.5.841. The vulnerability lies in the Web Install ActiveX control (CSDWebInstaller) failing to properly verify signatures of downloaded executables, enabling a remote attacker to force a user to download and execute arbitrary files via ...

9.3CVSS6.6AI score0.04758EPSS
CVE
CVE
added 2006/10/18 7:0 p.m.50 views

CVE-2006-5393

Cisco Secure Desktop (CSD) is affected by CVE-2006-5393 due to the ClearPageFileAtShutdown (CCE-Winv2.0-407) registry value not being required to equal 1. The result is a local disclosure risk where a local user could read memory pages written during another user’s SSL VPN session. Affected softw...

5.5CVSS6.2AI score0.00296EPSS
CVE
CVE
added 2011/02/28 3:0 p.m.49 views

CVE-2011-0925

Cisco Secure Desktop (CSD) 3.x contains an ActiveX flaw in CSDWebInstaller.ocx (CSDWebInstallerCtrl) that allows remote code execution. The vulnerability stems from a lack of validation of executables downloaded by the CSDWebInstaller Web control, enabling an attacker to corrupt a downloaded prog...

9.3CVSS6.6AI score0.03285EPSS
CVE
CVE
added 2006/11/08 10:0 p.m.47 views

CVE-2006-5808

The CVE covers Cisco Secure Desktop (CSD) prior to version 3.1.1.45, where insecure default permissions for the CSD directory and its parent (full control for all users) allow local users to escalate privileges by replacing CSD executables. Affected component: CSD installation directories; root c...

4.6CVSS6.7AI score0.00358EPSS
CVE
CVE
added 2010/10/12 9:0 p.m.44 views

CVE-2009-5008

Cisco Secure Desktop (CSD) together with an AnyConnect SSL VPN server is affected by CVE-2009-5008, where the component does not perform verification correctly, enabling local users to bypass policy restrictions via a modified executable file. Reports across multiple sources (NVD/Red Hat/CVE entr...

2.1CVSS6.4AI score0.00353EPSS
CVE
CVE
added 2006/11/08 10:0 p.m.43 views

CVE-2006-5807

CVE-2006-5807 affects Cisco Secure Desktop (CSD) prior to version 3.1.1.45. The issue allows local users to escape the secure desktop environment by launching certain applications that switch to the default desktop, referred to as System Policy Evasion. The vulnerability is local in scope with pa...

4.6CVSS6.3AI score0.00338EPSS
CVE
CVE
added 2006/11/08 10:0 p.m.42 views

CVE-2006-5806

The CVE-2006-5806 issue affects the SSL VPN Client in Cisco Secure Desktop prior to version 3.1.1.45. The underlying flaw stores sensitive browser session information in a directory outside the CSD vault and does not restrict saving outside the vault, and the data is not cleared when the VPN conn...

2.1CVSS5.8AI score0.00342EPSS