Vulnerabilities > Cisco > Anyconnect Secure Mobility Client > 3.2.0

DATE CVE VULNERABILITY TITLE RISK
2021-10-06 CVE-2021-34788 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client.
local
high complexity
cisco CWE-367
7.0
7.0
2021-05-06 CVE-2021-1519 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device.
local
low complexity
cisco CWE-20
5.5
5.5
2017-06-08 CVE-2017-6638 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account.
local
low complexity
cisco CWE-20
7.2
7.2
2015-03-18 CVE-2015-0664 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
local
low complexity
cisco CWE-20
4.3
4.3
2015-03-17 CVE-2015-0665 Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.
local
low complexity
cisco CWE-22
6.6
6.6
2015-03-17 CVE-2015-0663 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
local
low complexity
cisco CWE-264
6.6
6.6
2015-03-17 CVE-2015-0662 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.
local
low complexity
cisco CWE-264
7.2
7.2
2013-04-11 CVE-2013-1173 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
local
cisco CWE-119
6.6
6.6
2013-04-11 CVE-2013-1172 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
local
cisco CWE-20
6.6
6.6
2012-09-16 CVE-2012-3088 Remote Security vulnerability in Cisco Anyconnect Secure Mobility Client 3.1.0/3.2.0
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
network
cisco
critical
 9.3
9.3