Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2011-06-02 |
| Product | Anyconnect Secure Mobility Client | Last view | 2023-06-28 |
| Version | 2.3.0254 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:cisco:anyconnect_secure_mobility_client | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2023-06-28 | CVE-2023-20178 | A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. |
| 7.8 | 2021-11-04 | CVE-2021-40124 | A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to incorrect privilege assignment to scripts executed before user logon. An attacker could exploit this vulnerability by configuring a script to be executed before logon. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges. |
| 7 | 2021-10-06 | CVE-2021-34788 | A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an authenticated, local attacker to perform a shared library hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for shared library files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with root privileges. To exploit this vulnerability, the attacker must have a valid account on the system. |
| 5.5 | 2021-06-16 | CVE-2021-1568 | A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. This vulnerability is due to uncontrolled memory allocation. An attacker could exploit this vulnerability by copying a crafted file to a specific folder on the system. A successful exploit could allow the attacker to crash the VPN Agent service when the affected application is launched, causing it to be unavailable to all users of the system. To exploit this vulnerability, the attacker must have valid credentials on a multiuser Windows system. |
| 6.7 | 2021-06-16 | CVE-2021-1567 | A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to a race condition in the signature verification process for DLL files that are loaded on an affected device. An attacker could exploit this vulnerability by sending a series of crafted interprocess communication (IPC) messages to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected device with SYSTEM privileges. To exploit this vulnerability, the attacker must have valid credentials on the Windows system. |
| 5.5 | 2021-05-06 | CVE-2021-1519 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker must have valid credentials on the affected system. |
| 7.8 | 2021-05-06 | CVE-2021-1496 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. |
| 7.8 | 2021-05-06 | CVE-2021-1430 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. |
| 7.8 | 2021-05-06 | CVE-2021-1429 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. |
| 7.8 | 2021-05-06 | CVE-2021-1428 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. |
| 7.8 | 2021-05-06 | CVE-2021-1427 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. |
| 7.8 | 2021-05-06 | CVE-2021-1426 | Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to hijack DLL or executable files that are used by the application. A successful exploit could allow the attacker to execute arbitrary code on an affected device with SYSTEM privileges. To exploit these vulnerabilities, the attacker must have valid credentials on the Windows system. For more information about these vulnerabilities, see the Details section of this advisory. |
| 7.8 | 2021-02-17 | CVE-2021-1366 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack on an affected device if the VPN Posture (HostScan) Module is installed on the AnyConnect client. This vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. |
| 5.5 | 2021-01-13 | CVE-2021-1258 | A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. |
| 7.8 | 2021-01-13 | CVE-2021-1237 | A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL injection attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. |
| 5.5 | 2020-11-06 | CVE-2020-27123 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. |
| 7.1 | 2020-09-23 | CVE-2019-16007 | A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application. |
| 5.5 | 2020-08-17 | CVE-2020-3435 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to modify VPN profile files. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. |
| 5.5 | 2020-08-17 | CVE-2020-3434 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to stop the AnyConnect process, causing a DoS condition on the device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. |
| 7.8 | 2020-08-17 | CVE-2020-3433 | A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficient validation of resources that are loaded by the application at run time. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. |
| 6.5 | 2020-02-19 | CVE-2020-3153 | A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. |
| 7.8 | 2017-06-08 | CVE-2017-6638 | A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input validation of path and file names of a DLL file before it is loaded. An attacker could exploit this vulnerability by creating a malicious DLL file and installing it in a specific system directory. A successful exploit could allow the attacker to execute commands on the underlying Microsoft Windows host with privileges equivalent to the SYSTEM account. The attacker would need valid user credentials to exploit this vulnerability. This vulnerability affects all Cisco AnyConnect Secure Mobility Client for Windows software versions prior to 4.4.02034. Cisco Bug IDs: CSCvc97928. |
| 7.8 | 2016-08-25 | CVE-2016-6369 | Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. |
| 6.6 | 2015-10-12 | CVE-2015-6322 | The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. |
| 7.2 | 2015-09-25 | CVE-2015-6305 | Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by dbghelp.dll, aka Bug ID CSCuv01279. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4211. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 36% (11) | CWE-427 | Uncontrolled Search Path Element |
| 20% (6) | CWE-264 | Permissions, Privileges, and Access Controls |
| 16% (5) | CWE-20 | Improper Input Validation |
| 6% (2) | CWE-269 | Improper Privilege Management |
| 3% (1) | CWE-426 | Untrusted Search Path |
| 3% (1) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 3% (1) | CWE-345 | Insufficient Verification of Data Authenticity |
| 3% (1) | CWE-276 | Incorrect Default Permissions |
| 3% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 3% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 72716 | Cisco AnyConnect Secure Mobility Client Start Before Logon Unspecified Local ... |
| 72715 | Cisco AnyConnect Secure Mobility Client JRE Applet Headend Server Spoofing Re... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2021-01-28 | OpenSSL configuration arbitrary DLL load attempt RuleID : 56894 - Type : FILE-OTHER - Revision : 2 |
| 2021-01-28 | OpenSSL configuration arbitrary DLL load attempt RuleID : 56893 - Type : FILE-OTHER - Revision : 2 |
| 2021-01-28 | Cisco AnyConnect information disclosure attempt RuleID : 56884 - Type : FILE-OTHER - Revision : 1 |
| 2021-01-28 | Cisco AnyConnect information disclosure attempt RuleID : 56883 - Type : FILE-OTHER - Revision : 1 |
| 2021-01-28 | Cisco AnyConnect information disclosure attempt RuleID : 56882 - Type : FILE-OTHER - Revision : 1 |
| 2021-01-28 | Cisco AnyConnect information disclosure attempt RuleID : 56881 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | Cisco AnyConnect Secure Mobility Client dll-load exploit attempt RuleID : 54695 - Type : FILE-OTHER - Revision : 1 |
| 2020-12-05 | Cisco AnyConnect Secure Mobility Client dll-load exploit attempt RuleID : 54694 - Type : FILE-OTHER - Revision : 1 |
| 2014-01-10 | Cisco AnyConnect mobility client activex clsid access attempt RuleID : 27173 - Type : BROWSER-PLUGINS - Revision : 5 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2017-06-14 | Name: A VPN application installed on the remote host is affected by a privilege esc... File: cisco_anyconnect_CSCvc97928.nasl - Type: ACT_GATHER_INFO |
| 2016-09-08 | Name: A VPN application installed on the remote host is affected by a privilege esc... File: cisco_anyconnect_CSCuz92464.nasl - Type: ACT_GATHER_INFO |
| 2016-01-13 | Name: The remote host is affected by an arbitrary file manipulation vulnerability. File: cisco_anyconnect_4_2_1025.nasl - Type: ACT_GATHER_INFO |
| 2015-10-06 | Name: The remote host is affected by a privilege escalation vulnerability. File: cisco_anyconnect_4_1_6020.nasl - Type: ACT_GATHER_INFO |
| 2015-08-07 | Name: The remote host is affected by multiple vulnerabilities. File: cisco_anyconnect_CSCus79173_CSCus79195.nasl - Type: ACT_GATHER_INFO |
| 2015-08-07 | Name: The remote host is affected by an arbitrary file write vulnerability. File: cisco_anyconnect_CSCus79392.nasl - Type: ACT_GATHER_INFO |
| 2015-08-07 | Name: The remote host is affected by multiple vulnerabilities. File: macosx_cisco_anyconnect_CSCus79173_CSCus79195.nasl - Type: ACT_GATHER_INFO |
| 2015-08-07 | Name: The remote host is affected by an arbitrary file write vulnerability. File: macosx_cisco_anyconnect_CSCus79392.nasl - Type: ACT_GATHER_INFO |
| 2015-03-20 | Name: The remote host is affected by a code execution vulnerability. File: cisco_anyconnect_4_0_0051.nasl - Type: ACT_GATHER_INFO |
| 2015-03-20 | Name: The remote host is affected by a code execution vulnerability. File: macosx_cisco_anyconnect_4_0_0051.nasl - Type: ACT_GATHER_INFO |
| 2015-03-06 | Name: The remote host is affected by a cross-site scripting vulnerability. File: cisco_anyconnect_3_1_6068.nasl - Type: ACT_GATHER_INFO |
| 2013-12-16 | Name: The remote host has software installed that is affected by multiple vulnerabi... File: macosx_cisco_anyconnect_3_0_629.nasl - Type: ACT_GATHER_INFO |
| 2011-06-03 | Name: The VPN client installed on the remote Windows host has multiple vulnerabilit... File: cisco_anyconnect_vpn_2_3_254.nasl - Type: ACT_GATHER_INFO |
