Secure Desktop@3.1.1.27 Security Vulnerabilities and Issues — Secure Desktop@3.1.1.27 CVE List

Lucene search

CiscoSecure Desktop3.1.1.27

4 matches found

CVE•added 2012/09/24 5:55 p.m.•53 views

CVE-2012-4655

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

9.3CVSS7.8AI score0.02399EPSS

CVE•added 2012/06/20 8:55 p.m.•45 views

CVE-2012-2495

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by usin...

4.3CVSS6.8AI score0.00215EPSS

CVE•added 2010/04/15 5:30 p.m.•37 views

CVE-2010-0589

The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.

9.3CVSS6.6AI score0.01572EPSS

CVE•added 2006/11/08 10:7 p.m.•35 views

CVE-2006-5808

The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".

4.6CVSS6.7AI score0.00075EPSS