Vulnerabilities > Cisco > Anyconnect Secure Mobility Client > 3.0.0629

DATE CVE VULNERABILITY TITLE RISK
2015-03-17 CVE-2015-0662 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.
local
low complexity
cisco CWE-264
7.2
7.2
2015-02-03 CVE-2014-8021 Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client and Hostscan Engine
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
network
cisco CWE-79
4.3
4.3
2013-04-11 CVE-2013-1173 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
local
cisco CWE-119
6.6
6.6
2013-04-11 CVE-2013-1172 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
local
cisco CWE-20
6.6
6.6
2012-08-06 CVE-2012-2500 Cryptographic Issues vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
network
high complexity
cisco CWE-310
4.0
4.0
2012-08-06 CVE-2012-2499 Cryptographic Issues vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
network
cisco CWE-310
5.8
5.8
2012-08-06 CVE-2012-2498 Improper Authentication vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
network
high complexity
cisco CWE-287
4.0
4.0
2012-08-06 CVE-2012-1370 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.
network
cisco CWE-119
3.5
3.5