NVD

Id
8888  
Name
CVE-2011-2039  
Description
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.  
Reject
 
CVSS Version
2  
CVSS Score
7.6  
Severity
High  
CVSS Base Score
7.6  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2011-06-02  
Modified Date
2011-09-21  
Seq
2011-2039  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
51142 8888 CVE-2011-2039 20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability  View
51143 8888 CVE-2011-2039 8272  View
51144 8888 CVE-2011-2039 20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client  View
51145 8888 CVE-2011-2039 VU#490097  View
51146 8888 CVE-2011-2039 1025591  View
51147 8888 CVE-2011-2039 cisco-asmc-helper-code-execution(67739)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
31476 JVNDB-2011-001716 Windows 上で稼働する Cisco AnyConnect Secure Mobility Client における任意のコードを実行される脆弱性 Windows 上で稼働する Cisco AnyConnect Secure Mobility Client (旧名称 Cisco AnyConnect VPN Client) の helper アプリケーションは、クライアントの実行ファイルを、その信頼性を検査せずにダウンロードするため、任意のコードを実行される脆弱性が存在します。 CVE-2011-2039 49946 CVE-2011-2039 8888 7.6 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001716.html 2011-06-01 2011-06-20 View