Cisco Anyconnect Secure Mobility Client vulnerabilities

CVE-2020-3435 [MEDIUM] CWE-20 CVE-2020-3435: A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system. The vulnerability is due to insufficie

CVE-2020-3153 [MEDIUM] CWE-427 CVE-2020-3153: A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows co A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creati

CVE-2019-1853 [MEDIUM] CWE-125 CVE-2019-1853: A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic