CVE-2011-2040: Input Validation
First published: Thu Jun 02 2011(Updated: )
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Anyconnect Secure Mobility Client | <=2.5.2019 | |
| Cisco Anyconnect Secure Mobility Client | =2.0 | |
| Cisco Anyconnect Secure Mobility Client | =2.1 | |
| Cisco Anyconnect Secure Mobility Client | =2.2 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.128 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.133 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.136 | |
| Cisco Anyconnect Secure Mobility Client | =2.2.140 | |
| Cisco Anyconnect Secure Mobility Client | =2.3 | |
| Cisco Anyconnect Secure Mobility Client | =2.3.185 | |
| Cisco Anyconnect Secure Mobility Client | =2.3.254 | |
| Cisco Anyconnect Secure Mobility Client | =2.3.2016 | |
| Cisco Anyconnect Secure Mobility Client | =2.4 | |
| Cisco Anyconnect Secure Mobility Client | =2.4.0202 | |
| Cisco Anyconnect Secure Mobility Client | =2.4.1012 | |
| Cisco Anyconnect Secure Mobility Client | =2.5 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.1025 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.2001 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.2006 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.2010 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.2011 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.2014 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.2017 | |
| Cisco Anyconnect Secure Mobility Client | =2.5.2018 | |
| Cisco Anyconnect Secure Mobility Client | =3.0 | |
| Apple Mac OS X | ||
| Linux Linux kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco anyconnect secure mobility client
- version/cisco anyconnect secure mobility client/2.5.2019
- version/cisco anyconnect secure mobility client/2.0
- version/cisco anyconnect secure mobility client/2.1
- version/cisco anyconnect secure mobility client/2.2
- version/cisco anyconnect secure mobility client/2.2.128
- version/cisco anyconnect secure mobility client/2.2.133
- version/cisco anyconnect secure mobility client/2.2.136
- version/cisco anyconnect secure mobility client/2.2.140
- version/cisco anyconnect secure mobility client/2.3
- version/cisco anyconnect secure mobility client/2.3.185
- version/cisco anyconnect secure mobility client/2.3.254
- version/cisco anyconnect secure mobility client/2.3.2016
- version/cisco anyconnect secure mobility client/2.4
- version/cisco anyconnect secure mobility client/2.4.0202
- version/cisco anyconnect secure mobility client/2.4.1012
- version/cisco anyconnect secure mobility client/2.5
- version/cisco anyconnect secure mobility client/2.5.1025
- version/cisco anyconnect secure mobility client/2.5.2001
- version/cisco anyconnect secure mobility client/2.5.2006
- version/cisco anyconnect secure mobility client/2.5.2010
- version/cisco anyconnect secure mobility client/2.5.2011
- version/cisco anyconnect secure mobility client/2.5.2014
- version/cisco anyconnect secure mobility client/2.5.2017
- version/cisco anyconnect secure mobility client/2.5.2018
- version/cisco anyconnect secure mobility client/3.0
- vendor/apple
- canonical/apple mac os x
- vendor/linux
- canonical/linux linux kernel