PT-2011-3561 · Cisco · Cisco Anyconnect Secure Mobility Client

Elazar Broad · Published 2011-06-02 · Updated 2017-08-29 · CVE-2011-2040

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco AnyConnect Secure Mobility Client versions prior to 2.5.3041
Cisco AnyConnect Secure Mobility Client versions 3.0.x prior to 3.0.629

Description

The issue allows remote attackers to execute arbitrary code via the url property to a Java applet. This is due to the helper application in Cisco AnyConnect Secure Mobility Client downloading a client executable file (vpndownloader.exe) without verifying its authenticity.

Recommendations

For versions prior to 2.5.3041, update to version 2.5.3041 or later.
For versions 3.0.x prior to 3.0.629, update to version 3.0.629 or later.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2011-2040

Affected Products

Cisco Anyconnect Secure Mobility Client