Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-17	CVE-2020-3434	Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. local low complexity cisco CWE-20	5.5
2020-02-19	CVE-2020-3153	Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client 4.8.00175/4.8.01090 A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. local low complexity cisco CWE-427	6.5
2018-06-21	CVE-2018-0373	Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. local low complexity cisco CWE-20	5.5
2018-06-07	CVE-2018-0334	Improper Certificate Validation vulnerability in Cisco Anyconnect Secure Mobility Client 4.6(100) A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. network high complexity cisco CWE-295	4.8
2018-04-19	CVE-2018-0229	Session Fixation vulnerability in Cisco products A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. network low complexity cisco CWE-384	6.5
2018-01-18	CVE-2018-0100	XXE vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. local low complexity cisco CWE-611	4.4
2017-10-05	CVE-2017-12268	Unspecified vulnerability in Cisco Anyconnect Secure Mobility Client 4.5(822) A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. local low complexity cisco	6.5
2017-08-17	CVE-2017-6788	Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client 4.4(4027)/4.5(58) The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. network low complexity cisco CWE-79	6.1