Cisco

Anyconnect Secure Mobility Client

62 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.6

CVE-2015-0665

  • EPSS 0.08%
  • Veröffentlicht 17.03.2015 02:01:49
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.

6.6

CVE-2015-0663

  • EPSS 0.08%
  • Veröffentlicht 17.03.2015 02:01:49
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.

7.2

CVE-2015-0662

  • EPSS 0.08%
  • Veröffentlicht 17.03.2015 02:01:47
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.

4.3

CVE-2014-8021

  • EPSS 0.28%
  • Veröffentlicht 03.02.2015 22:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an appl...

5

CVE-2014-3314

  • EPSS 0.35%
  • Veröffentlicht 14.01.2015 19:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.

6.8

CVE-2013-5559

  • EPSS 1.87%
  • Veröffentlicht 04.11.2013 16:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.

6.8

CVE-2013-1130

  • EPSS 0.15%
  • Veröffentlicht 20.09.2013 16:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.

6.6

CVE-2013-1173

  • EPSS 0.09%
  • Veröffentlicht 11.04.2013 10:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.

6.6

CVE-2013-1172

  • EPSS 0.08%
  • Veröffentlicht 11.04.2013 10:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.

5

CVE-2012-3094

  • EPSS 0.12%
  • Veröffentlicht 16.09.2012 10:34:50
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive in...