CVE-2011-2040

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml	Vendor Advisory
http://www.kb.cert.org/vuls/id/490097	US Government Resource
http://www.securitytracker.com/id?1025591
https://exchange.xforce.ibmcloud.com/vulnerabilities/67739
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml	Vendor Advisory
http://www.kb.cert.org/vuls/id/490097	US Government Resource
http://www.securitytracker.com/id?1025591
https://exchange.xforce.ibmcloud.com/vulnerabilities/67739

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:cisco:anyconnect_secure_mobility_client::::::::
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.254:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.1012:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.1025:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2001:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2006:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2010:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2011:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2014:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2017:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2018:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0:::::::*

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

History

21 Nov 2024, 01:27

Type	Values Removed	Values Added
References	~~() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910 -~~	() http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910 -
References	~~() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml - Vendor Advisory~~	() http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml - Vendor Advisory
References	~~() http://www.kb.cert.org/vuls/id/490097 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/490097 - US Government Resource
References	~~() http://www.securitytracker.com/id?1025591 -~~	() http://www.securitytracker.com/id?1025591 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/67739 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/67739 -

Information

Published : 2011-06-02 19:55

Updated : 2025-04-11 00:51

NVD link : CVE-2011-2040

Mitre link : CVE-2011-2040

CVE.ORG link : CVE-2011-2040

JSON object : View

Products Affected

cisco

anyconnect_secure_mobility_client

apple

mac_os_x

linux

linux_kernel

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-2040", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-06-02T19:55:04.420", "references": [{"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910", "source": "psirt@cisco.com"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://www.kb.cert.org/vuls/id/490097", "tags": ["US Government Resource"], "source": "psirt@cisco.com"}, {"url": "http://www.securitytracker.com/id?1025591", "source": "psirt@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739", "source": "psirt@cisco.com"}, {"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/490097", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1025591", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934."}, {"lang": "es", "value": "La aplicaci\u00f3n de ayuda en Cisco Secure Mobility AnyConnect client (anteriormente AnyConnect VPN Client) antes de v2.5.3041, y v3.0.x antes de v3.0.629, en Linux y Mac OS X descarga un archivo de cliente ejecutable, sin verificar su autenticidad, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por suplantaci\u00f3n de identidad del servidor VPN. Error tambi\u00e9n conocido como Bug ID CSCsy05934."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCC40AA5-20D9-44F4-94DA-BD42E8598B00", "versionEndIncluding": "2.5.2019"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B522088-2084-491B-98F0-3E3CCD88131F"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA179B71-AC81-4587-8FB1-0466B2550975"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210B66BB-4E2C-4D9E-BFBB-69916A42287C"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B77EB2C9-BACE-46EA-AA72-FF1C7EB1A5F4"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06527370-E73A-40FF-8E02-E0337536C7C1"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A617295C-F518-4BC7-8442-E476448D8F01"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E71A1D6B-8E87-4E3A-A1AE-DE44C2C348F9"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8AD6158-17AB-443D-8EC1-5FDE5852CAEC"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BBF395D-9E90-44C1-8E99-3631FFF24487"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.254:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E874C1CB-5F13-45DE-98EF-48C9DCC0DA80"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.2016:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "184A5DAA-9BDB-4C2D-80DC-E2E21356676A"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB04F55C-D373-42FF-8CEE-88762BA1BD62"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.0202:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B1E5D16-BD4E-417C-851B-AEC74D1F84FC"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.4.1012:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B9822AE-2ACE-424A-BB03-4457923E812E"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D85B4988-85C9-4E28-B526-862B6EB8A436"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.1025:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "818C7378-6587-4F08-A8F1-C2E2D3DFFE0C"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2646BB0-DC7B-47E9-9EF1-9E70F328DE0B"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C41B8BA4-3242-464D-A9E0-15018C8CB495"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2010:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D713E198-7C64-4D7C-9DE9-C84FBE26B571"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2011:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE3B606D-1E0E-4276-BFD4-31D6BD96FE1C"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2014:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3A37930-E737-46E9-BD83-99D72C31A551"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2017:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93A65C87-E948-4BFF-AFE5-3180701AFDA3"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.5.2018:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39FDA0C8-8315-4899-B0C5-DE234784E50D"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F1A7236-46E3-487A-998B-4D72A5EEA004"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}

9.3 /10