Cisco Anyconnect Secure Mobility Client vulnerabilities

CVE-2015-4289 [MEDIUM] CWE-22 CVE-2015-4289: Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSCut93920.

CVE-2015-4290 [MEDIUM] CWE-119 CVE-2015-4290: The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID CSCut12255.

CVE-2015-4211 [HIGH] CWE-264 CVE-2015-4211: Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, whi Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862.

CVE-2015-0761 [HIGH] CWE-264 CVE-2015-0761: Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.

CVE-2015-0755 [MEDIUM] CWE-284 CVE-2015-0755: The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secu The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797.

CVE-2015-0664 [MEDIUM] CWE-20 CVE-2015-0664: The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local user The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace memory locations, and consequently gain privileges, via crafted messages, aka Bug ID CSCus79195.

CVE-2015-0662 [HIGH] CWE-264 CVE-2015-0662: Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privilege Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385.

CVE-2015-0663 [MEDIUM] CWE-264 CVE-2015-0663: Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access c Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.

CVE-2015-0665 [MEDIUM] CWE-22 CVE-2015-0665: The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173.

CVE-2014-8021 [MEDIUM] CWE-79 CVE-2014-8021: Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine 3.1(.05183) and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving an applet-path URL, aka Bug IDs CSCup82990 and CSCuq80149.

CVE-2013-5559 [MEDIUM] CWE-119 CVE-2013-5559: Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco Any Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.

CVE-2013-1173 [MEDIUM] CWE-119 CVE-2013-1173: Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mo Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14143.

CVE-2013-1172 [MEDIUM] CWE-20 CVE-2013-1172: The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) do The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCud14153.

CVE-2012-3088 [CRITICAL] CVE-2012-3088: Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

CVE-2012-3094 [MEDIUM] CWE-200 CVE-2012-3094: The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1. The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.

CVE-2012-2499 [MEDIUM] CWE-310 CVE-2012-2499: The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not ve The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

CVE-2012-2500 [MEDIUM] CWE-310 CVE-2012-2500: Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.

CVE-2012-2498 [MEDIUM] CWE-287 CVE-2012-2498: Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication ma Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

CVE-2012-1370 [LOW] CWE-119 CVE-2012-1370: Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to ca Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd process crash) via a crafted packet, aka Bug ID CSCty01670.

CVE-2012-2493 [CRITICAL] CWE-20 CVE-2012-2493: The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Clien The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors i