Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.6
CVSSv2

CVE-2011-2039

Published: 02/06/2011 Updated: 29/08/2017
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 765
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Subscribe to Anyconnect Secure Mobility Client

Vulnerability Summary

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) prior to 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote malicious users to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco anyconnect_secure_mobility_client 2.0

cisco anyconnect_secure_mobility_client 2.2.133

cisco anyconnect_secure_mobility_client 2.2.128

cisco anyconnect_secure_mobility_client 2.2.140

cisco anyconnect_secure_mobility_client 2.2.136

cisco anyconnect_secure_mobility_client 2.1

cisco anyconnect_secure_mobility_client 2.2

cisco anyconnect_secure_mobility_client

Exploits

Exploit DB: Cisco AnyConnect VPN Client - ActiveX URL Property Download and Execute (Metasploit)
## # $Id: cisco_anyconnect_execrb 12872 2011-06-06 20:15:51Z bannedit $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/cor ...

References

CWE-20http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtmlhttp://www.securitytracker.com/id?1025591http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909http://www.kb.cert.org/vuls/id/490097http://osvdb.org/72714http://securityreason.com/securityalert/8272https://exchange.xforce.ibmcloud.com/vulnerabilities/67739https://nvd.nist.govhttps://www.exploit-db.com/exploits/17366/https://www.kb.cert.org/vuls/id/490097
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook