CVE-2011-2040

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 02-06-2011 09:55

Last modified: - 23-01-2023 07:44

Total changes: - 8

Description

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

Reference

20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client-Vendor Advisory
1025591-
20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability-
VU#490097-US Government Resource
cisco-asmc-helper-code-execution(67739)-

Keywords

CVE-2011-2040

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2011-2040

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures