Cisco Anyconnect Secure Mobility Client — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Anyconnect Secure Mobility Client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (69)
CVE-2012-2493 — CVSS 9.3 (critical): The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and…
CVE-2011-2040 — CVSS 9.3 (critical): The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before…
CVE-2012-3088 — CVSS 9.3 (critical): Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains…
CVE-2021-1237 — CVSS 7.8 (high): A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Windows…
CVE-2017-3813 — CVSS 7.8 (high): A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an…
CVE-2017-6638 — CVSS 7.8 (high): A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local…
CVE-2023-20178 — CVSS 7.8 (high): A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client…
CVE-2021-1366 — CVSS 7.8 (high): A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an…
CVE-2016-6369 — CVSS 7.8 (high): Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain…
CVE-2016-9192 — CVSS 7.8 (high): A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute…
CVE-2011-2039 — CVSS 7.6 (high): The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on…
CVE-2020-3556 — CVSS 7.3 (high): A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an…
CVE-2015-4211 — CVSS 7.2 (high): Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain…
CVE-2015-0761 — CVSS 7.2 (high): Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal…
CVE-2015-6305 — CVSS 7.2 (high): Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility…
CVE-2015-0662 — CVSS 7.2 (high): Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger…
CVE-2011-2041 — CVSS 7.2 (high): The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on…
CVE-2015-6306 — CVSS 7.2 (high): Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local…
CVE-2019-16007 — CVSS 7.1 (high): A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated…
CVE-2021-1430 — CVSS 7.0 (high): Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could…
CVE-2021-1429 — CVSS 7.0 (high): Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could…
CVE-2021-1428 — CVSS 7.0 (high): Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could…
CVE-2021-1427 — CVSS 7.0 (high): Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could…
CVE-2021-1426 — CVSS 7.0 (high): Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could…
CVE-2021-1567 — CVSS 7.0 (high): A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local…
CVE-2021-1496 — CVSS 7.0 (high): Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows could…
CVE-2021-34788 — CVSS 7.0 (high): A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allow an…
CVE-2013-1130 — CVSS 6.8 (medium): Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain…
CVE-2012-2496 — CVSS 6.8 (medium): A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before…
CVE-2015-0755 — CVSS 6.8 (medium): The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows…
CVE-2013-5559 — CVSS 6.8 (medium): Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x…
CVE-2021-40124 — CVSS 6.7 (medium): A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an…
CVE-2015-6322 — CVSS 6.6 (medium): The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access…
CVE-2013-1172 — CVSS 6.6 (medium): The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files, which…
CVE-2013-1173 — CVSS 6.6 (medium): Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN…
CVE-2015-0663 — CVSS 6.6 (medium): Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows…
CVE-2015-0665 — CVSS 6.6 (medium): The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via…
CVE-2018-0229 — CVSS 6.5 (medium): A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect…
CVE-2017-12268 — CVSS 6.5 (medium): A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker…
CVE-2015-4289 — CVSS 6.4 (medium): Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary…
CVE-2017-6788 — CVSS 6.1 (medium): The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an…
CVE-2012-2499 — CVSS 5.8 (medium): The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509…
CVE-2020-3432 — CVSS 5.6 (medium): A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local…
CVE-2020-27123 — CVSS 5.5 (medium): A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an…
CVE-2020-3434 — CVSS 5.5 (medium): A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an…
CVE-2020-3435 — CVSS 5.5 (medium): A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an…
CVE-2021-1258 — CVSS 5.5 (medium): A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low…
CVE-2023-20241 — CVSS 5.5 (medium): Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local…
CVE-2021-1450 — CVSS 5.5 (medium): A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenticated…
CVE-2018-0373 — CVSS 5.5 (medium): A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for…
CVE-2023-20240 — CVSS 5.5 (medium): Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local…
CVE-2021-1568 — CVSS 5.5 (medium): A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of…
CVE-2012-3094 — CVSS 5.0 (medium): The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts…
CVE-2014-3314 — CVSS 5.0 (medium): Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms…
CVE-2015-4290 — CVSS 4.9 (medium): The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic)…
CVE-2019-1853 — CVSS 4.8 (medium): A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote…
CVE-2018-0334 — CVSS 4.8 (medium): A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility…
CVE-2021-1519 — CVSS 4.7 (medium): A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an…
CVE-2018-0100 — CVSS 4.4 (medium): A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have…
CVE-2012-2495 — CVSS 4.3 (medium): The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before…
CVE-2012-2494 — CVSS 4.3 (medium): The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0…
CVE-2024-20474 — CVSS 4.3 (medium): A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticated…
CVE-2014-8021 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Engine…
CVE-2015-0664 — CVSS 4.3 (medium): The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary userspace…
CVE-2012-2500 — CVSS 4.0 (medium): Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch…
CVE-2012-2498 — CVSS 4.0 (medium): Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate…
CVE-2012-1370 — CVSS 3.5 (low): Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnagentd…