CVE-2019-1853 – Cisco AnyConnect Secure Mobility Client for Linux Out-of-Bounds Memory Read Vulnerability
https://notcve.org/view.php?id=CVE-2019-1853
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. Una vulnerabilidad en el componente HostScan de Cisco AnyConnect Secure Mobility Client para Linux podría permitir a un atacante remoto no autorizado leer información confidencial en un sistema afectado. • http://www.securityfocus.com/bid/108364 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-anyconnectclient-oob-read • CWE-125: Out-of-bounds Read •
CVE-2018-0373
https://notcve.org/view.php?id=CVE-2018-0373
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious request to the application. A successful exploit could allow the attacker to cause a DoS condition on the affected system. Cisco Bug IDs: CSCvj47654. • http://www.securityfocus.com/bid/104548 http://www.securitytracker.com/id/1041176 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-anyconnect-dos • CWE-20: Improper Input Validation •
CVE-2018-0334
https://notcve.org/view.php?id=CVE-2018-0334
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could allow an unauthenticated, remote attacker to bypass the TLS certificate check when downloading certain configuration files. The vulnerability is due to improper use of Simple Certificate Enrollment Protocol and improper server certificate validation. An attacker could exploit this vulnerability by preparing malicious profile and localization files for Cisco AnyConnect to use. A successful exploit could allow the attacker to remotely change the configuration profile, a certificate, or the localization data used by AnyConnect Secure Mobility Client. Cisco Bug IDs: CSCvh23141. • http://www.securityfocus.com/bid/104430 http://www.securitytracker.com/id/1041075 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-AnyConnect-cert-bypass • CWE-295: Improper Certificate Validation •
CVE-2018-0229
https://notcve.org/view.php?id=CVE-2018-0229
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. The authentication would need to be done by an unsuspecting third party, aka Session Fixation. The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company's Identity Provider (IdP). A successful exploit could allow the attacker to hijack a valid authentication token and use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. • http://www.securityfocus.com/bid/103939 http://www.securitytracker.com/id/1040711 http://www.securitytracker.com/id/1040712 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect • CWE-384: Session Fixation •
CVE-2018-0100
https://notcve.org/view.php?id=CVE-2018-0100
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341. Una vulnerabilidad en Profile Editor en Cisco AnyConnect Secure Mobility Client podría podría permitir que un atacante local no autenticado tenga acceso de lectura y escritura a la información almacenada en el sistema afectado. • http://www.securityfocus.com/bid/102738 http://www.securitytracker.com/id/1040246 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-acpe • CWE-611: Improper Restriction of XML External Entity Reference •