
CVE-2013-1173
https://notcve.org/view.php?id=CVE-2013-1173
11 Apr 2013 — Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1173 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-3088
https://notcve.org/view.php?id=CVE-2012-3088
16 Sep 2012 — Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

CVE-2012-3094
https://notcve.org/view.php?id=CVE-2012-3094
16 Sep 2012 — The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2012-2498
https://notcve.org/view.php?id=CVE-2012-2498
06 Aug 2012 — Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html • CWE-287: Improper Authentication

CVE-2012-2499
https://notcve.org/view.php?id=CVE-2012-2499
06 Aug 2012 — The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html • CWE-310: Cryptographic Issues

CVE-2012-2500
https://notcve.org/view.php?id=CVE-2012-2500
06 Aug 2012 — Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html • CWE-310: Cryptographic Issues

CVE-2012-1370
https://notcve.org/view.php?id=CVE-2012-1370
06 Aug 2012 — Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670. • http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2012-2493 – Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2493
20 Jun 2012 — The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac • CWE-20: Improper Input Validation

CVE-2012-2494 – Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-2494
20 Jun 2012 — The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac • CWE-20: Improper Input Validation

CVE-2012-2495
https://notcve.org/view.php?id=CVE-2012-2495
20 Jun 2012 — The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac • CWE-20: Improper Input Validation