13 matches found
CVE-2010-0440
The CVE-2010-0440 issue is a Cross-Site Scripting (XSS) vulnerability in the Cisco Secure Desktop (CSCOT) translation path. It affects Cisco Secure Desktop 3.4.2048 and versions earlier than 3.5, and is also implicated in Cisco ASA appliances running versions before 8.2(1), 8.1(2.7), and 8.0(5). The root cause is imprope...
CVE-2012-4655
The CVE-2012-4655 issue affects Cisco Secure Desktop’s WebLaunch downloader: binaries received by the downloader process are not properly validated, allowing remote arbitrary code execution via ActiveX or Java components. Affected product/versions include Cisco Secure Desktop before 3.6.6020 (per...
CVE-2012-2495
Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 are affected by CVE-2012-2495 due to the HostScan downloader not comparing the timestamp of offered software to the installed version, enabling remote downgrade via ActiveX or Java components. Root...
CVE-2015-0691
CVE-2015-0691 concerns Cisco Secure Desktop (CSD) Cache Cleaner, where a Cisco-signed Java Archive (JAR) in the Cache Cleaner component could allow an unauthenticated, remote attacker to execute arbitrary commands via a crafted web site (Bug CSCup83001). The issue: code execution via the signed J...
CVE-2006-5394
The CVE-2006-5394 issue affects Cisco Secure Desktop (CSD) where the default configuration leaves the "Disable printing" option unchecked in Secure Desktop Settings. This could allow local users to read data sent to a printer during another user’s SSL VPN session. The vulnerability originates fro...
CVE-2011-0926
Cisco Secure Desktop (CSD) 3.x is affected by CVE-2011-0926 due to the CSDWebInstaller.ocx ActiveX control not properly validating the signature of a downloaded program during installation, enabling remote code execution by spoofing the CSD installation process. Exploitation details are described...
CVE-2010-0589
CVE-2010-0589 affects Cisco Secure Desktop prior to version 3.5.841. The vulnerability lies in the Web Install ActiveX control (CSDWebInstaller) failing to properly verify signatures of downloaded executables, enabling a remote attacker to force a user to download and execute arbitrary files via ...
CVE-2006-5393
Cisco Secure Desktop (CSD) is affected by CVE-2006-5393 due to the ClearPageFileAtShutdown (CCE-Winv2.0-407) registry value not being required to equal 1. The result is a local disclosure risk where a local user could read memory pages written during another user’s SSL VPN session. Affected softw...
CVE-2011-0925
Cisco Secure Desktop (CSD) 3.x contains an ActiveX flaw in CSDWebInstaller.ocx (CSDWebInstallerCtrl) that allows remote code execution. The vulnerability stems from a lack of validation of executables downloaded by the CSDWebInstaller Web control, enabling an attacker to corrupt a downloaded prog...
CVE-2006-5808
The CVE covers Cisco Secure Desktop (CSD) prior to version 3.1.1.45, where insecure default permissions for the CSD directory and its parent (full control for all users) allow local users to escalate privileges by replacing CSD executables. Affected component: CSD installation directories; root c...
CVE-2009-5008
Cisco Secure Desktop (CSD) together with an AnyConnect SSL VPN server is affected by CVE-2009-5008, where the component does not perform verification correctly, enabling local users to bypass policy restrictions via a modified executable file. Reports across multiple sources (NVD/Red Hat/CVE entr...
CVE-2006-5807
CVE-2006-5807 affects Cisco Secure Desktop (CSD) prior to version 3.1.1.45. The issue allows local users to escape the secure desktop environment by launching certain applications that switch to the default desktop, referred to as System Policy Evasion. The vulnerability is local in scope with pa...
CVE-2006-5806
The CVE-2006-5806 issue affects the SSL VPN Client in Cisco Secure Desktop prior to version 3.1.1.45. The underlying flaw stores sensitive browser session information in a directory outside the CSD vault and does not restrict saving outside the vault, and the data is not cleared when the VPN conn...