Detections
Analytics
Cisco AnyConnect Secure Mobility Client < 2.3.254 Multiple Vulnerabilities
high Nessus Plugin ID 54954
Language:
Synopsis
The VPN client installed on the remote Windows host has multiple vulnerabilities.Description
The version of Cisco AnyConnect Secure Mobility Client installed on the remote host is earlier than 2.3.254 and may have the following vulnerabilities :- When the client is obtained from the VPN headend using a web browser, a helper application performs the download and installation. This helper application does not verify the authenticity of the downloaded installer, which could allow an attacker to send malicious code to the user instead. Only versions prior to 2.3.185 are affected by this vulnerability. (CVE-2011-2039)
- Unprivileged users can elevate to LocalSystem privileges by enabling the Start Before Logon feature and performing unspecified actions with the Cisco AnyConnect Secure Mobility client interface in the Windows logon screen. (CVE-2011-2041)
Solution
Upgrade to version 2.3.254 or later.See Also
Plugin Details
Severity: High
ID: 54954
File Name: cisco_anyconnect_vpn_2_3_254.nasl
Version: 1.16
Type: local
Agent: windows
Family: Windows
Published: 6/3/2011
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:cisco:anyconnect_secure_mobility_client
Required KB Items: SMB/cisco_anyconnect/NumInstalled
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/1/2011
Vulnerability Publication Date: 6/1/2011
Exploitable With
Metasploit (Cisco AnyConnect VPN Client ActiveX URL Property Download and Execute)
Reference Information
CVE: CVE-2011-2039, CVE-2011-2041