CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-16007 – Cisco AnyConnect Secure Mobility Client for Android Service Hijack Vulnerability
https://notcve.org/view.php?id=CVE-2019-16007
23 Sep 2020 — A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-anyconnect-hijack • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 6%CPEs: 1EXPL: 3CVE-2020-3433 – Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
https://notcve.org/view.php?id=CVE-2020-3433
17 Aug 2020 — A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect ... • https://packetstorm.news/files/id/159420 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3434 – Cisco AnyConnect Secure Mobility Client for Windows Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3434
17 Aug 2020 — A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect proc... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dos-feXq4tAV • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3435 – Cisco AnyConnect Secure Mobility Client for Windows Profile Modification Vulnerability
https://notcve.org/view.php?id=CVE-2020-3435
17 Aug 2020 — A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-profile-7u3PERKF • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 41%CPEs: 1EXPL: 10CVE-2020-3153 – Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
https://notcve.org/view.php?id=CVE-2020-3153
19 Feb 2020 — A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system ... • https://packetstorm.news/files/id/159420 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1853 – Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability
https://notcve.org/view.php?id=CVE-2019-1853
16 May 2019 — A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. Una vu... • http://www.securityfocus.com/bid/108364 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-0373
https://notcve.org/view.php?id=CVE-2018-0373
21 Jun 2018 — A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affe... • http://www.securityfocus.com/bid/104548 • CWE-20: Improper Input Validation •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0334
https://notcve.org/view.php?id=CVE-2018-0334
07 Jun 2018 — A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing mali... • http://www.securityfocus.com/bid/104430 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-0229
https://notcve.org/view.php?id=CVE-2018-0229
19 Apr 2018 — A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. The authentication would need to be done by an unsuspecting third party, ... • http://www.securityfocus.com/bid/103939 • CWE-384: Session Fixation •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0100
https://notcve.org/view.php?id=CVE-2018-0100
18 Jan 2018 — A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341. Una vul... • http://www.securityfocus.com/bid/102738 • CWE-611: Improper Restriction of XML External Entity Reference •