NVD

Id
8889  
Name
CVE-2011-2040  
Description
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.  
Reject
 
CVSS Version
2  
CVSS Score
9.3  
Severity
High  
CVSS Base Score
9.3  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2011-06-02  
Modified Date
2012-08-02  
Seq
2011-2040  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
51148 8889 CVE-2011-2040 20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability  View
51149 8889 CVE-2011-2040 20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client  View
51150 8889 CVE-2011-2040 VU#490097  View
51151 8889 CVE-2011-2040 1025591  View
51152 8889 CVE-2011-2040 cisco-asmc-helper-code-execution(67739)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
31477 JVNDB-2011-001717 Linux および Mac OS 上で稼働する Cisco AnyConnect Secure Mobility Client における任意のコードを実行される脆弱性 Linux および Mac OS X 上で稼働する Cisco AnyConnect Secure Mobility Client (旧名称 Cisco AnyConnect VPN Client) の helper アプリケーションは、クライアントの実行ファイルを、その信頼性を検査せずにダウンロードするため、任意のコードを実行される脆弱性が存在します。 CVE-2011-2040 49947 CVE-2011-2040 8889 7.6 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-001717.html 2011-06-01 2011-06-20 View