Cisco AnyConnect Secure Mobility Client security vulnerabilities

[EN] securityvulns.ru
no-pyccku

Cisco AnyConnect Secure Mobility Client security vulnerabilities
updated since 02.06.2011
Published: 03.06.2011
Source: BUGTRAQ
SecurityVulns ID: 11710
Type: client
Level: 5/10
Description: Local privilege escalation, signature is not checked for downloaded application components.

Affected: CISCO : AnyConnect Secure Mobility Client 2.3
CISCO : AnyConnect Secure Mobility Client 2.5
CISCO : AnyConnect Secure Mobility Client 3.0
CVE: CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.)
CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.)
CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.)

Original document IDEFENSE, iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability (03.06.2011)

CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (02.06.2011)

Discuss: Read or add your comments to this news (0 comments)