The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) prior to 2.5.3041, and 3.0.x prior to 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote malicious users to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco anyconnect_secure_mobility_client 2.3 |
||
cisco anyconnect_secure_mobility_client 2.3.2016 |
||
cisco anyconnect_secure_mobility_client |
||
cisco anyconnect_secure_mobility_client 2.5.2018 |
||
cisco anyconnect_secure_mobility_client 2.5.1025 |
||
cisco anyconnect_secure_mobility_client 3.0 |
||
cisco anyconnect_secure_mobility_client 2.2.128 |
||
cisco anyconnect_secure_mobility_client 2.0 |
||
cisco anyconnect_secure_mobility_client 2.4 |
||
cisco anyconnect_secure_mobility_client 2.4.1012 |
||
cisco anyconnect_secure_mobility_client 2.5.2011 |
||
cisco anyconnect_secure_mobility_client 2.5.2010 |
||
cisco anyconnect_secure_mobility_client 2.2 |
||
cisco anyconnect_secure_mobility_client 2.1 |
||
cisco anyconnect_secure_mobility_client 2.2.140 |
||
cisco anyconnect_secure_mobility_client 2.4.0202 |
||
cisco anyconnect_secure_mobility_client 2.5 |
||
cisco anyconnect_secure_mobility_client 2.5.2006 |
||
cisco anyconnect_secure_mobility_client 2.5.2001 |
||
cisco anyconnect_secure_mobility_client 2.2.136 |
||
cisco anyconnect_secure_mobility_client 2.2.133 |
||
cisco anyconnect_secure_mobility_client 2.3.254 |
||
cisco anyconnect_secure_mobility_client 2.3.185 |
||
cisco anyconnect_secure_mobility_client 2.5.2017 |
||
cisco anyconnect_secure_mobility_client 2.5.2014 |
Vulmon