CVE-2011-2040

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2018:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.1025:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.1012:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2011:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2017:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2001:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2010:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2014:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2006:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.254:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Information

Published : 2011-06-02 12:55

Updated : 2017-08-28 18:29


NVD link : CVE-2011-2040

Mitre link : CVE-2011-2040


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

apple

  • mac_os_x

cisco

  • anyconnect_secure_mobility_client

linux

  • linux_kernel