Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2011-2040
Last Modified 02 Aug 2012 12:00:00
Published 02 Jun 2011 03:55:04
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2040

Summary

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.

Vulnerable Systems

Application

  • Cisco AnyConnect Secure Mobility Client 2.0
  • Cisco AnyConnect Secure Mobility Client 2.1
  • Cisco AnyConnect Secure Mobility Client 2.2
  • Cisco AnyConnect Secure Mobility Client 2.2.128
  • Cisco AnyConnect Secure Mobility Client 2.2.133
  • Cisco AnyConnect Secure Mobility Client 2.2.136
  • Cisco AnyConnect Secure Mobility Client 2.2.140
  • Cisco AnyConnect Secure Mobility Client 2.3
  • Cisco AnyConnect Secure Mobility Client 2.3.185
  • Cisco AnyConnect Secure Mobility Client 2.3.2016
  • Cisco AnyConnect Secure Mobility Client 2.3.254
  • Cisco AnyConnect Secure Mobility Client 2.4
  • Cisco AnyConnect Secure Mobility Client 2.4.0202
  • Cisco AnyConnect Secure Mobility Client 2.4.1012
  • Cisco AnyConnect Secure Mobility Client 2.5
  • Cisco AnyConnect Secure Mobility Client 2.5.1025
  • Cisco AnyConnect Secure Mobility Client 2.5.2001
  • Cisco AnyConnect Secure Mobility Client 2.5.2006
  • Cisco AnyConnect Secure Mobility Client 2.5.2010
  • Cisco AnyConnect Secure Mobility Client 2.5.2011
  • Cisco AnyConnect Secure Mobility Client 2.5.2014
  • Cisco AnyConnect Secure Mobility Client 2.5.2017
  • Cisco AnyConnect Secure Mobility Client 2.5.2018
  • Cisco AnyConnect Secure Mobility Client 2.5.2019
  • Cisco AnyConnect Secure Mobility Client 3.0


References

CERT-VN - VU#490097

XF - cisco-asmc-helper-code-execution(67739)

SECTRACK - 1025591

CISCO - 20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client

IDEFENSE - 20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability


Last Updated: 27 May 2016 10:55:01