CyberSec.Space Logo
Back to CVE Browser

CVE-2011-2040

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0660%
EPSS Percentile10.84th
PublishedJun 2, 2011
Last ModifiedApr 29, 2026

Vulnerability Description

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.

Affected Platforms (CPE)

πŸ“¦
Cisco

Anyconnect Secure Mobility Client

<= 2.5.2019
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.0
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.1
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.128
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.133
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.136
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.140
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3.185
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3.254
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3.2016
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.4
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.4.0202
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.4.1012
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.1025
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.2001
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.2006
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.2010
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.2011
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.2014
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.2017
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5.2018
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 3.0

References & Advisories

πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910
πŸ”— http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
πŸ”— http://www.kb.cert.org/vuls/id/490097
πŸ”— http://www.securitytracker.com/id?1025591
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/67739
πŸ”— http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910
πŸ”— http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
πŸ”— http://www.kb.cert.org/vuls/id/490097

Related Vulnerabilities

CVE-2012-30889.3

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally conta...

CVE-2012-24939.3

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Window...

CVE-2021-13667.8

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow...

CVE-2020-34337.8

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow...