Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Cisco AnyConnect Secure Mobility Client
дополнено с 2 июня 2011 г.
Опубликовано:3 июня 2011 г.
Источник:
SecurityVulns ID:11710
Тип:клиент
Уровень опасности:
5/10
Описание:Локальное повышение привилегий, не проверяется подпись при загрузке компонентов приложения.
Затронутые продукты:CISCO : AnyConnect Secure Mobility Client 2.3
 CISCO : AnyConnect Secure Mobility Client 2.5
 CISCO : AnyConnect Secure Mobility Client 3.0
CVE:CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.)
 CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.)
 CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.)
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability (03.06.2011)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (02.06.2011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород