Cisco AnyConnect Secure Mobility Client vulnerabilities: Medium risk

DATE | CVE | VULNERABILITY TITLE | RISK

2020-02-19 | CVE-2020-3153 | Uncontrolled Search Path Element vulnerability in Cisco AnyConnect Secure Mobility Client 4.8.00175/4.8.01090 | 4.9
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges.
Access: local, low complexity. Vendor tags: cisco. Weakness: CWE-427.

2019-05-16 | CVE-2019-1853 | Out-of-bounds Read vulnerability in Cisco AnyConnect Secure Mobility Client 4.6(2074) | 5.0
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system.
Access: network, low complexity. Vendor tags: cisco. Weakness: CWE-125.

2018-06-21 | CVE-2018-0373 | Improper Input Validation vulnerability in Cisco AnyConnect Secure Mobility Client | 4.9
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.
Access: local, low complexity. Vendor tags: cisco, microsoft. Weakness: CWE-20.

2018-06-07 | CVE-2018-0334 | Improper Certificate Validation vulnerability in Cisco AnyConnect Secure Mobility Client 4.6(100) | 5.8
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files.
Access: network. Vendor tags: cisco. Weakness: CWE-295.

2018-04-19 | CVE-2018-0229 | Session Fixation vulnerability in Cisco products | 6.5
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software.
Access: network, low complexity. Vendor tags: cisco. Weakness: CWE-384.

2017-08-17 | CVE-2017-6788 | Cross-site Scripting vulnerability in Cisco AnyConnect Secure Mobility Client 4.4(4027)/4.5(58) | 4.3
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software.
Access: network. Vendor tags: cisco. Weakness: CWE-79.

2015-10-12 | CVE-2015-6322 | Permissions, Privileges, and Access Controls vulnerability in Cisco AnyConnect Secure Mobility Client | 6.6
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563.
Access: local, low complexity. Vendor tags: cisco. Weakness: CWE-264.

2015-08-01 | CVE-2015-4289 | Path Traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) | 6.4
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.
Access: network, low complexity. Vendor tags: cisco. Weakness: CWE-22.

2015-07-29 | CVE-2015-4290 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) | 4.9
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.
Access: local, low complexity. Vendor tags: cisco, apple. Weakness: CWE-119.

2015-05-29 | CVE-2015-0755 | Improper Access Control vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(64) | 6.8
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.
Access: local, low complexity. Vendor tags: cisco. Weakness: CWE-284.