Cisco Anyconnect_secure_mobility_client
37 CVEs affecting Cisco Anyconnect_secure_mobility_client. Latest disclosed: 2017-10-05. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-6638 | High | 7.8 | 2017-06-08 | A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install an… |
CVE-2017-3813 | High | 7.8 | 2017-02-09 | A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local at… |
CVE-2016-9192 | High | 7.8 | 2016-12-14 | A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executa… |
CVE-2016-6369 | High | 7.8 | 2016-08-25 | Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a cra… |
CVE-2017-12268 | Medium | 6.5 | 2017-10-05 | A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple… |
CVE-2017-6788 | Medium | 6.1 | 2017-08-17 | The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker t… |
CVE-2015-6322 | | 2015-10-12 | The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary… | |
CVE-2015-6306 | | 2015-09-26 | Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root… | |
CVE-2015-6305 | | 2015-09-26 | Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4… | |
CVE-2015-4289 | | 2015-08-01 | Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted… | |
CVE-2015-4290 | | 2015-07-29 | The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving… | |
CVE-2015-4211 | | 2015-06-24 | Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF… | |
CVE-2015-0761 | | 2015-06-04 | Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which al… | |
CVE-2015-0755 | | 2015-05-29 | The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain priv… | |
CVE-2015-0664 | | 2015-03-18 | The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and con… | |
CVE-2015-0665 | | 2015-03-17 | The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages… | |
CVE-2015-0663 | | 2015-03-17 | Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write… | |
CVE-2015-0662 | | 2015-03-17 | Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privile… | |
CVE-2014-8021 | | 2015-02-03 | Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier a… | |
CVE-2014-3314 | | 2015-01-14 | Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture c… |