Vulnerabilities > Cisco > Secure Desktop > 3.1.1.27
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-09-24 | CVE-2012-4655 | Improper Input Validation vulnerability in Cisco Secure Desktop The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204. | 9.3 |
| 2012-06-20 | CVE-2012-2495 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client and Secure Desktop The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. | 4.3 |
| 2010-04-15 | CVE-2010-0589 | Improper Input Validation vulnerability in Cisco Secure Desktop The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876. | 9.3 |
| 2006-11-08 | CVE-2006-5808 | Multiple vulnerability in Cisco Secure Desktop The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". | 4.6 |
| 2006-11-08 | CVE-2006-5807 | Multiple vulnerability in Cisco Secure Desktop Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". | 4.6 |
| 2006-11-08 | CVE-2006-5806 | Multiple vulnerability in Cisco Secure Desktop SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. | 2.1 |