Vulnerabilities > Cisco > Anyconnect Secure Mobility Client

DATE CVE VULNERABILITY TITLE RISK
2015-06-24 CVE-2015-4211 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client 3.1(60)
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.
local
low complexity
cisco microsoft CWE-264
7.2
7.2
2015-06-04 CVE-2015-0761 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.
local
low complexity
cisco CWE-264
7.2
7.2
2015-05-29 CVE-2015-0755 Improper Access Control vulnerability in Cisco Anyconnect Secure Mobility Client 4.0(64)
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.
local
low complexity
cisco CWE-284
6.8
6.8
2015-03-18 CVE-2015-0664 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.
local
low complexity
cisco CWE-20
4.3
4.3
2015-03-17 CVE-2015-0665 Path Traversal vulnerability in Cisco Anyconnect Secure Mobility Client
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.
local
low complexity
cisco CWE-22
6.6
6.6
2015-03-17 CVE-2015-0663 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
local
low complexity
cisco CWE-264
6.6
6.6
2015-03-17 CVE-2015-0662 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.
local
low complexity
cisco CWE-264
7.2
7.2
2015-02-03 CVE-2014-8021 Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client and Hostscan Engine
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.
network
cisco CWE-79
4.3
4.3
2015-01-14 CVE-2014-3314 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka Bug IDs CSCuo24931 and CSCuo24940.
network
low complexity
cisco CWE-20
5.0
5.0
2013-11-04 CVE-2013-5559 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.
network
cisco CWE-119
6.8
6.8