CVE-2011-2040

CRITICAL

9.3

CVSS Severity Score

EPSS Score0.0660%

EPSS Percentile10.84th

Published2011年6月2日

Last Modified2026年4月29日

Vulnerability Description

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.

Affected Platforms (CPE)

📦

Cisco

Anyconnect Secure Mobility Client

<= 2.5.2019

📦

Cisco

Anyconnect Secure Mobility Client

= 2.0

📦

Cisco

Anyconnect Secure Mobility Client

= 2.1

📦

Cisco

Anyconnect Secure Mobility Client

= 2.2

📦

Cisco

Anyconnect Secure Mobility Client

= 2.2.128

📦

Cisco

Anyconnect Secure Mobility Client

= 2.2.133

📦

Cisco

Anyconnect Secure Mobility Client

= 2.2.136

📦

Cisco

Anyconnect Secure Mobility Client

= 2.2.140

📦

Cisco

Anyconnect Secure Mobility Client

= 2.3

📦

Cisco

Anyconnect Secure Mobility Client

= 2.3.185

📦

Cisco

Anyconnect Secure Mobility Client

= 2.3.254

📦

Cisco

Anyconnect Secure Mobility Client

= 2.3.2016

📦

Cisco

Anyconnect Secure Mobility Client

= 2.4

📦

Cisco

Anyconnect Secure Mobility Client

= 2.4.0202

📦

Cisco

Anyconnect Secure Mobility Client

= 2.4.1012

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.1025

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.2001

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.2006

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.2010

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.2011

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.2014

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.2017

📦

Cisco

Anyconnect Secure Mobility Client

= 2.5.2018

📦

Cisco

Anyconnect Secure Mobility Client

= 3.0

References & Advisories

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910

🔗 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml

🔗 http://www.kb.cert.org/vuls/id/490097

🔗 http://www.securitytracker.com/id?1025591

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/67739

🔗 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=910

🔗 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml

🔗 http://www.kb.cert.org/vuls/id/490097

Vulnerability Description

Affected Platforms (CPE)

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

Anyconnect Secure Mobility Client

References & Advisories

関連する脆弱性情報