VYPR

Anyconnect Secure Mobility Client

by Cisco Systems, Inc.

CVEs (66)

  • CVE-2017-3813HigFeb 9, 2017
    risk 0.54cvss 7.8epss 0.02

    A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient…

  • CVE-2017-6638HigJun 8, 2017
    risk 0.51cvss 7.8epss 0.00

    A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to…

  • CVE-2016-9192HigDec 14, 2016
    risk 0.51cvss 7.8epss 0.03

    A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information:…

  • CVE-2016-6369HigAug 25, 2016
    risk 0.51cvss 7.8epss 0.00

    Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.

  • CVE-2018-0229MedApr 19, 2018
    risk 0.43cvss 6.5epss 0.04

    A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD)…

  • CVE-2017-12268MedOct 5, 2017
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy…

  • CVE-2017-6788MedAug 17, 2017
    risk 0.40cvss 6.1epss 0.01

    The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. The vulnerability is due to…

  • CVE-2018-0373MedJun 21, 2018
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The…

  • CVE-2018-0334MedJun 7, 2018
    risk 0.31cvss 4.8epss 0.01

    A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check…

  • CVE-2018-0100MedJan 18, 2018
    risk 0.29cvss 4.4epss 0.00

    A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External…

  • CVE-2020-3153KEVFeb 19, 2020
    risk 0.23cvss epss 0.28

    A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling…

  • CVE-2020-3433KEVAug 17, 2020
    risk 0.21cvss epss 0.10

    A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials…

  • CVE-2011-2039Jun 2, 2011
    risk 0.09cvss epss 0.70

    The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to…

  • CVE-2015-6306Sep 26, 2015
    risk 0.03cvss epss 0.01

    Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.

  • CVE-2015-6305Sep 26, 2015
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as…

  • CVE-2023-20178Jun 28, 2023
    risk 0.02cvss epss 0.05

    A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update…

  • CVE-2011-2040Jun 2, 2011
    risk 0.01cvss epss 0.11

    The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote…

  • CVE-2020-3432Feb 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An…

  • CVE-2021-40124Nov 4, 2021
    risk 0.00cvss epss 0.00

    A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts…

  • CVE-2021-34788Oct 6, 2021
    risk 0.00cvss epss 0.00

    A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is…

Page 1 of 4