Vulnerabilities > Cisco > Anyconnect Secure Mobility Client

DATE CVE VULNERABILITY TITLE RISK
2018-01-18 CVE-2018-0100 XXE vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system.
local
low complexity
cisco CWE-611
4.4
4.4
2017-10-05 CVE-2017-12268 Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.5(822)
A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability.
local
low complexity
cisco
6.5
6.5
2017-08-17 CVE-2017-6788 Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client 4.4(4027)/4.5(58)
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-79
6.1
6.1
2017-06-08 CVE-2017-6638 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account.
local
low complexity
cisco CWE-20
7.8
7.8
2017-02-09 CVE-2017-3813 Missing Authorization vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user.
local
low complexity
cisco CWE-862
7.8
7.8
2016-12-14 CVE-2016-9192 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account.
local
low complexity
cisco CWE-264
7.8
7.8
2016-08-25 CVE-2016-6369 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
local
low complexity
cisco CWE-264
7.8
7.8