Total 76 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-4211 2 Cisco, Microsoft 2 Anyconnect Secure Mobility Client, Windows 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.
CVE-2015-0761 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.
CVE-2015-0755 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.
CVE-2015-0665 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.
CVE-2015-0664 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
CVE-2015-0663 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
CVE-2015-0662 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.
CVE-2014-8021 1 Cisco 2 Anyconnect Secure Mobility Client, Hostscan Engine 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
CVE-2014-3314 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.
CVE-2013-5559 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.
CVE-2013-1173 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
CVE-2013-1172 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
CVE-2013-1130 2 Apple, Cisco 2 Mac Os X, Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
CVE-2012-3094 2 Cisco, Linux 2 Anyconnect Secure Mobility Client, Linux Kernel 2024-11-21 N/A
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.
CVE-2012-3088 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
CVE-2012-2500 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
CVE-2012-2499 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
CVE-2012-2498 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
CVE-2012-2496 1 Cisco 1 Anyconnect Secure Mobility Client 2024-11-21 N/A
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.
CVE-2012-2495 1 Cisco 2 Anyconnect Secure Mobility Client, Secure Desktop 2024-11-21 N/A
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.