Vulnerabilities > Cisco > Anyconnect Secure Mobility Client

DATE CVE VULNERABILITY TITLE RISK
2013-09-20 CVE-2013-1130 Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
local
low complexity
cisco apple CWE-264
6.8
6.8
2013-04-11 CVE-2013-1173 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.
local
cisco CWE-119
6.6
6.6
2013-04-11 CVE-2013-1172 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.
local
cisco CWE-20
6.6
6.6
2012-09-16 CVE-2012-3094 Information Exposure vulnerability in Cisco Anyconnect Secure Mobility Client 3.1.0
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.
network
low complexity
cisco linux CWE-200
5.0
5.0
2012-09-16 CVE-2012-3088 Remote Security vulnerability in Cisco Anyconnect Secure Mobility Client 3.1.0/3.2.0
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
network
cisco
critical
 9.3
9.3
2012-08-06 CVE-2012-2500 Cryptographic Issues vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
network
high complexity
cisco CWE-310
4.0
4.0
2012-08-06 CVE-2012-2499 Cryptographic Issues vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
network
cisco CWE-310
5.8
5.8
2012-08-06 CVE-2012-2498 Improper Authentication vulnerability in Cisco Anyconnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
network
high complexity
cisco CWE-287
4.0
4.0
2012-08-06 CVE-2012-1370 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Anyconnect Secure Mobility Client 3.0/3.0.0629/3.0.07059
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.
network
cisco CWE-119
3.5
3.5
2012-06-20 CVE-2012-2496 Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client 3.0
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.
network
cisco CWE-20
6.8
6.8