Vulnerabilities > Cisco > Anyconnect Secure Mobility Client > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-13 | CVE-2021-1237 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. | 7.8 |
| 2020-11-06 | CVE-2020-3556 | Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.9(3052)/98.145(86) A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to execute a malicious script. | 7.3 |
| 2020-09-23 | CVE-2019-16007 | Insufficient Verification of Data Authenticity vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. | 7.1 |
| 2020-08-17 | CVE-2020-3433 | Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. | 7.8 |
| 2019-05-16 | CVE-2019-1853 | Out-of-bounds Read vulnerability in Cisco Anyconnect Secure Mobility Client 4.6(2074) A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. | 7.5 |
| 2017-06-08 | CVE-2017-6638 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. | 7.8 |
| 2017-02-09 | CVE-2017-3813 | Missing Authorization vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. | 7.8 |
| 2016-12-14 | CVE-2016-9192 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. | 7.8 |
| 2016-08-25 | CVE-2016-6369 | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. | 7.8 |