CVE-2011-2039 - OpenCVE

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Anyconnect Secure Mobility Client
Microsoft	Windows Windows Mobile

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:anyconnect_secure_mobility_client::::::::
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:::::::*

OR	cpe:2.3:o:microsoft:windows::::::::
	cpe:2.3:o:microsoft:windows_mobile::::::::

No data.

References

Link	Providers
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909
http://osvdb.org/72714
http://securityreason.com/securityalert/8272
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
http://www.kb.cert.org/vuls/id/490097
http://www.securitytracker.com/id?1025591
https://exchange.xforce.ibmcloud.com/vulnerabilities/67739

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2011-06-02T19:00:00

Updated: 2024-08-06T22:46:00.841Z

Reserved: 2011-05-10T00:00:00

Link: CVE-2011-2039

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-06-02T19:55:04.373

Modified: 2017-08-29T01:29:15.720

Link: CVE-2011-2039

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-01T00:00:00", "descriptions": [{"lang": "en", "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "72714", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/72714"}, {"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"}, {"name": "8272", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8272"}, {"name": "1025591", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025591"}, {"name": "VU#490097", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/490097"}, {"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"}, {"name": "cisco-asmc-helper-code-execution(67739)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-2039", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72714", "refsource": "OSVDB", "url": "http://osvdb.org/72714"}, {"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"}, {"name": "8272", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8272"}, {"name": "1025591", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025591"}, {"name": "VU#490097", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/490097"}, {"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"}, {"name": "cisco-asmc-helper-code-execution(67739)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:46:00.841Z"}, "title": "CVE Program Container", "references": [{"name": "72714", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/72714"}, {"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"}, {"name": "8272", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8272"}, {"name": "1025591", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1025591"}, {"name": "VU#490097", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/490097"}, {"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE", "x_transferred"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"}, {"name": "cisco-asmc-helper-code-execution(67739)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-2039", "datePublished": "2011-06-02T19:00:00", "dateReserved": "2011-05-10T00:00:00", "dateUpdated": "2024-08-06T22:46:00.841Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "29845E2B-0BED-4C8F-8A41-260D6E9ECB1B", "versionEndIncluding": "2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B522088-2084-491B-98F0-3E3CCD88131F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA179B71-AC81-4587-8FB1-0466B2550975", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "210B66BB-4E2C-4D9E-BFBB-69916A42287C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*", "matchCriteriaId": "B77EB2C9-BACE-46EA-AA72-FF1C7EB1A5F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*", "matchCriteriaId": "06527370-E73A-40FF-8E02-E0337536C7C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*", "matchCriteriaId": "A617295C-F518-4BC7-8442-E476448D8F01", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*", "matchCriteriaId": "E71A1D6B-8E87-4E3A-A1AE-DE44C2C348F9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."}, {"lang": "es", "value": "La aplicaci\u00f3n de ayuda en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.185 para Windows y Windows Mobile, descarga un archivo de cliente ejecutable, sin verificar su autenticidad, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por suplantaci\u00f3n de identidad del servidor VPN. Error tambi\u00e9n conocido como Bug ID CSCsy00904."}], "id": "CVE-2011-2039", "lastModified": "2017-08-29T01:29:15.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-02T19:55:04.373", "references": [{"source": "ykramarz@cisco.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"}, {"source": "ykramarz@cisco.com", "url": "http://osvdb.org/72714"}, {"source": "ykramarz@cisco.com", "url": "http://securityreason.com/securityalert/8272"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"}, {"source": "ykramarz@cisco.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/490097"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1025591"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}