Cisco Anyconnect Secure Mobility Client vulnerabilities

CVE-2012-2496 [MEDIUM] CWE-20 CVE-2012-2496: A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConn A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.

CVE-2012-2495 [MEDIUM] CWE-20 CVE-2012-2495: The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed co

CVE-2012-2494 [MEDIUM] CWE-20 CVE-2012-2494: The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Clien The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed

CVE-2011-2040 [CRITICAL] CWE-20 CVE-2011-2040: The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) b The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, ak

CVE-2011-2039 [HIGH] CWE-20 CVE-2011-2039: The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) b The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.

CVE-2011-2041 [HIGH] CWE-264 CVE-2011-2041: The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyC The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.