CVE-2011-2039: Input Validation
First published: Thu Jun 02 2011(Updated: )
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Anyconnect Secure Mobility Client | <=2.3 | |
| Cisco Anyconnect Secure Mobility Client | =2.0 | |
| Cisco Anyconnect Secure Mobility Client | =2.1 | |
| Cisco Anyconnect Secure Mobility Client | =2.2 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.128 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.133 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.136 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.140 | |
| Microsoft Windows | ||
| Microsoft Windows Mobile |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
- http://www.securitytracker.com/id?1025591
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909
- http://www.kb.cert.org/vuls/id/490097
- http://osvdb.org/72714
- http://securityreason.com/securityalert/8272
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67739
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/weakness
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco anyconnect secure mobility client
- version/cisco anyconnect secure mobility client/2.3
- version/cisco anyconnect secure mobility client/2.0
- version/cisco anyconnect secure mobility client/2.1
- version/cisco anyconnect secure mobility client/2.2
- version/cisco anyconnect secure mobility client/2.2.128
- version/cisco anyconnect secure mobility client/2.2.133
- version/cisco anyconnect secure mobility client/2.2.136
- version/cisco anyconnect secure mobility client/2.2.140
- vendor/microsoft
- canonical/microsoft windows
- canonical/microsoft windows mobile