Every CVE whose affected-product data names Cisco Vpn Client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2002-1106 — CVSS 7.5 (high): Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match…
CVE-2002-1107 — CVSS 7.5 (high): Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may…
CVE-2006-2679 — CVSS 7.2 (high): Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for…
CVE-2015-7600 — CVSS 7.2 (high): Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering…
CVE-2002-1447 — CVSS 7.2 (high): Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long…
CVE-2012-3052 — CVSS 6.9 (medium): Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current…
CVE-2007-4414 — CVSS 6.8 (medium): Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and…
CVE-2011-2678 — CVSS 6.8 (medium): The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows platforms uses weak permissions (NT AUTHORITY\INTERACTIVE:F) for…
CVE-2007-4415 — CVSS 6.8 (medium): Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 InstallShield (IS) release, uses weak permissions for cvpnd.exe (Modify…
CVE-2002-0852 — CVSS 5.0 (medium): Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service via…
CVE-2002-0853 — CVSS 5.0 (medium): Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a…
CVE-2002-1104 — CVSS 5.0 (medium): Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash)…
CVE-2002-1108 — CVSS 5.0 (medium): Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced…
CVE-2008-0324 — CVSS 4.9 (medium): Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the…
CVE-2012-5429 — CVSS 4.6 (medium): The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of…
CVE-2002-1105 — CVSS 4.6 (medium): Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the…
CVE-2007-1467 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server…
CVE-2009-4118 — CVSS 2.1 (low): The StartServiceCtrlDispatcher function in the cvpnd service (cvpnd.exe) in Cisco VPN client for Windows before 5.0.06.0100 does not…