Home/Product/cisco anyconnect secure mobility client
Product

cisco anyconnect secure mobility client

69 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2020-3432
< 4.9.00086
A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, l
5.6MEDIUM
 CVE-2024-20474
all versions
A vulnerability in Internet Key Exchange version 2 (IKEv2) processing of Cisco Secure Client Software could allow an unauthenticat
4.3MEDIUM
 CVE-2023-20241
all versions
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated
5.5MEDIUM
 CVE-2023-20240
all versions
Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated
5.5MEDIUM
 CVE-2023-20178
< 4.10.07061
A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Clie
7.8HIGH
 CVE-2021-40124
< 4.10.03104
A vulnerability in the Network Access Manager (NAM) module of Cisco AnyConnect Secure Mobility Client for Windows could allow an a
6.7MEDIUM
 CVE-2021-34788
< 4.10.03104
A vulnerability in the shared library loading mechanism of Cisco AnyConnect Secure Mobility Client for Linux and Mac OS could allo
7.0HIGH
 CVE-2021-1568
< 4.10.01075
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a den
5.5MEDIUM
 CVE-2021-1567
< 4.10.01075
A vulnerability in the DLL loading mechanism of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated,
7.0HIGH
 CVE-2021-1519
< 4.10.00093
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an
4.7MEDIUM
 CVE-2021-1496
< 4.9.03022
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows c
7.0HIGH
 CVE-2021-1430
< 4.9.06037
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows c
7.0HIGH
 CVE-2021-1429
< 4.10.00093
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows c
7.0HIGH
 CVE-2021-1428
< 4.10.00093
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows c
7.0HIGH
 CVE-2021-1427
< 4.9.06037
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows c
7.0HIGH
 CVE-2021-1426
< 4.9.06037
Multiple vulnerabilities in the install, uninstall, and upgrade processes of Cisco AnyConnect Secure Mobility Client for Windows c
7.0HIGH
 CVE-2021-1450
all versions
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client could allow an authenti
5.5MEDIUM
 CVE-2021-1366
< 4.9.05042
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow
7.8HIGH
 CVE-2021-1258
< 4.9.03047
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker w
5.5MEDIUM
 CVE-2021-1237
< 4.9.04043
A vulnerability in the Network Access Manager and Web Security Agent components of Cisco AnyConnect Secure Mobility Client for Win
7.8HIGH
 CVE-2020-3556
all versions
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client Software could allow an
7.3HIGH
 CVE-2020-27123
< 4.9.03047
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow
5.5MEDIUM
 CVE-2019-16007
< 4.8.00826
A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthent
7.1HIGH
 CVE-2020-3435
<= 4.9.00086
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow
5.5MEDIUM
 CVE-2020-3434
<= 4.9.00086
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow
5.5MEDIUM
 CVE-2020-3433
< 4.9.00086
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow
7.8HIGH
 CVE-2020-3153
< 4.8.02042
A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated loc
6.5MEDIUM
 CVE-2019-1853
all versions
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, rem
4.8MEDIUM
 CVE-2018-0373
all versions
A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client
5.5MEDIUM
 CVE-2018-0334
all versions
A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure
4.8MEDIUM
 CVE-2018-0229
all versions
A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco A
6.5MEDIUM
 CVE-2018-0100
all versions
A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacke
4.4MEDIUM
 CVE-2017-12268
all versions
A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local
6.5MEDIUM
 CVE-2017-6788
all versions
The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unaut
6.1MEDIUM
 CVE-2017-6638
<= 4.4.00243
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated,
7.8HIGH
 CVE-2017-3813
all versions
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow
7.8HIGH
 CVE-2016-9192
all versions
A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and
7.8HIGH
 CVE-2016-6369
all versions
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users
7.8HIGH
 CVE-2015-6322
all versions
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access re
 CVE-2015-6306
all versions
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allo
 CVE-2015-6305
all versions
Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure
 CVE-2015-4289
all versions
Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to
 CVE-2015-4290
all versions
The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service
 CVE-2015-4211
all versions
Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain
 CVE-2015-0761
<= 3.1\(.07021\)
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified
 CVE-2015-0755
all versions
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), al
 CVE-2015-0664
<= 4.0\(.00051\)
The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary usersp
 CVE-2015-0665
<= 4.0\(.00051\)
The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary fi
 CVE-2015-0663
<= 4.0\(.00051\)
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which
 CVE-2015-0662
<= 4.0\(.00051\)
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages tha
 CVE-2014-8021
<= 3.1\(.02043\)
Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure Mobility Client 3.1(.02043) and earlier and Cisco HostScan Eng
 CVE-2014-3314
all versions
Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication
 CVE-2013-5559
all versions
Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client
 CVE-2013-1130
all versions
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gai
 CVE-2013-1173
all versions
Heap-based buffer overflow in ciscod.exe in the Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect
 CVE-2013-1172
all versions
The Cisco Security Service in Cisco AnyConnect Secure Mobility Client (aka AnyConnect VPN Client) does not properly verify files,
 CVE-2012-3094
all versions
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux ac
 CVE-2012-3088
all versions
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally conta
 CVE-2012-2500
all versions
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during W
 CVE-2012-2499
all versions
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in a
 CVE-2012-2498
all versions
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certif
 CVE-2012-1370
all versions
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows remote authenticated users to cause a denial of service (vpnag
 CVE-2012-2496
all versions
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x
 CVE-2012-2495
all versions
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop befo
 CVE-2012-2494
all versions
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x b
 CVE-2012-2493
all versions
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Window
 CVE-2011-2041
<= 2.3.2016
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.
 CVE-2011-2040
<= 2.5.2019
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x befo
 CVE-2011-2039
<= 2.3
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin