Skip to main content

Anyconnect Secure Mobility Client

64 CVEs product

Monthly

CVE-2020-3432 MEDIUM This Month

A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Anyconnect Secure Mobility Client macOS
NVD
CVSS 3.1
5.6
EPSS
0.1%
CVE-2024-20474 MEDIUM This Month

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Cisco Denial Of Service Microsoft Anyconnect Secure Mobility Client +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20241 MEDIUM This Month

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Cisco Anyconnect Secure Mobility Client +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20240 MEDIUM This Month

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Cisco Anyconnect Secure Mobility Client +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20178 HIGH This Week

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Microsoft Anyconnect Secure Mobility Client Secure Client
NVD
CVSS 3.1
7.8
EPSS
5.4%
CVE-2021-40124 HIGH This Week

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34788 HIGH This Week

A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library. Rated high severity (CVSS 7.0). No vendor patch available.

Cisco RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2021-1568 MEDIUM This Month

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1567 MEDIUM This Month

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected. Rated medium severity (CVSS 6.7). No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-1519 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1496 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2021-1430 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1429 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1428 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1427 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1426 HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-1450 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-1366 HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Microsoft Jwt Attack Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2021-1258 MEDIUM This Month

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client Agent Epolicy Orchestrator Extension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-1237 HIGH This Week

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-3556 HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2020-27123 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3435 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-3434 MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Microsoft Anyconnect Secure Mobility Client
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2020-3433 HIGH POC KEV THREAT Act Now

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft RCE Anyconnect Secure Mobility Client
NVD
CVSS 3.1
7.8
EPSS
10.0%
CVE-2020-3153 MEDIUM POC KEV THREAT This Month

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.1
6.5
EPSS
28.3%
CVE-2019-1853 HIGH This Week

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2018-0373 MEDIUM This Month

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-0334 MEDIUM This Month

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Microsoft Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
4.8
EPSS
1.0%
CVE-2018-0229 MEDIUM This Month

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Denial Of Service Cisco Anyconnect Secure Mobility Client Adaptive Security Appliance Software
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-0100 MEDIUM This Month

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
4.4
EPSS
0.4%
CVE-2017-12268 MEDIUM This Month

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-6788 MEDIUM This Month

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Anyconnect Secure Mobility Client
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-6638 HIGH This Week

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3813 HIGH POC This Week

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.2%
CVE-2016-6369 HIGH This Week

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-6322 MEDIUM This Month

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2015-6306 HIGH POC PATCH This Week

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
3.5%
CVE-2015-6305 HIGH POC This Week

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Microsoft Anyconnect Secure Mobility Client
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
2.0%
CVE-2015-4289 MEDIUM This Month

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.4
EPSS
0.5%
CVE-2015-4290 MEDIUM This Month

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2015-4211 HIGH This Week

Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Microsoft Anyconnect Secure Mobility Client
NVD
CVSS 2.0
7.2
EPSS
0.4%
CVE-2015-0761 HIGH This Week

Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-0755 MEDIUM This Month

The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.8
EPSS
0.1%
CVE-2015-0664 MEDIUM This Month

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.3
EPSS
0.1%
CVE-2015-0665 MEDIUM This Month

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2015-0663 MEDIUM This Month

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages,. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2015-0662 HIGH This Week

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2014-8021 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Hostscan Engine Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3314 MEDIUM This Month

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Google Information Disclosure Anyconnect Secure Mobility Client
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-5559 MEDIUM This Month

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2013-1130 MEDIUM This Month

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.8
EPSS
0.2%
CVE-2013-1173 MEDIUM This Month

Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified. Rated medium severity (CVSS 6.6). No vendor patch available.

Buffer Overflow Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2013-1172 MEDIUM This Month

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors,. Rated medium severity (CVSS 6.6). No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.6
EPSS
0.1%
CVE-2012-3094 MEDIUM This Month

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
5.0
EPSS
0.1%
CVE-2012-3088 CRITICAL Act Now

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
9.3
EPSS
0.5%
CVE-2012-2500 MEDIUM This Month

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2012-2499 MEDIUM This Month

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
5.8
EPSS
0.1%
CVE-2012-2498 MEDIUM This Month

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.0
EPSS
0.1%
CVE-2012-1370 LOW Monitor

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
3.5
EPSS
0.5%
CVE-2012-2496 MEDIUM This Month

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2012-2495 MEDIUM This Month

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco Anyconnect Secure Mobility Client Secure Desktop
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2494 MEDIUM This Month

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2493 CRITICAL Act Now

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Microsoft Cisco Anyconnect Secure Mobility Client
NVD
CVSS 2.0
9.3
EPSS
1.3%
EPSS 0% CVSS 5.6
MEDIUM This Month

A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Anyconnect Secure Mobility Client +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Cisco Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +3
NVD
EPSS 5% CVSS 7.8
HIGH This Week

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Microsoft +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library. Rated high severity (CVSS 7.0). No vendor patch available.

Cisco RCE Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Denial Of Service +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected. Rated medium severity (CVSS 6.7). No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to cause a denial of service (DoS) condition on. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Anyconnect Secure Mobility Client
NVD
EPSS 1% CVSS 7.8
HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco RCE Microsoft +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to cause a targeted AnyConnect user to. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Microsoft +1
NVD
EPSS 10% CVSS 7.8
HIGH POC KEV THREAT Act Now

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft RCE +1
NVD
EPSS 28% CVSS 6.5
MEDIUM POC KEV THREAT This Month

A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Microsoft Information Disclosure +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Denial Of Service Cisco +1
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Authentication Bypass Microsoft +2
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Session Fixation Denial Of Service Cisco +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

XXE Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Cisco Privilege Escalation +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Cisco Privilege Escalation +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
EPSS 4% CVSS 7.2
HIGH POC PATCH This Week

Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD Exploit-DB
EPSS 2% CVSS 7.2
HIGH POC This Week

Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Cisco Information Disclosure Microsoft +1
NVD Exploit-DB
EPSS 1% CVSS 6.4
MEDIUM This Month

Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Microsoft +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages,. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation,. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cisco Hostscan Engine +1
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Google Information Disclosure +1
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Cisco +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified. Rated medium severity (CVSS 6.6). No vendor patch available.

Buffer Overflow Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors,. Rated medium severity (CVSS 6.6). No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Cisco Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Authentication Bypass Anyconnect Secure Mobility Client
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Cisco +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco +2
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Java Information Disclosure Cisco +1
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Java Microsoft +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy