← Back

CVE-2011-2039

nvd nist
Published: Jun 2, 2011Modified: Apr 29, 2026

JSON object

Loading...
7.6
Vector
AV:N/AC:H/Au:N/C:C/I:C/A:C
Exploitability: 4.9 / Impact: 10.0
Source: NVD

Description

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

Affected (8)

Cisco
1 product
Anyconnect Secure Mobility Client
Configuration A
8 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Cisco
Anyconnect Secure Mobility Client
Up to 2.3
Anyconnect Secure Mobility Client
Version 2.0
Anyconnect Secure Mobility Client
Version 2.1
Anyconnect Secure Mobility Client
Version 2.2.128
Anyconnect Secure Mobility Client
Version 2.2.133
Anyconnect Secure Mobility Client
Version 2.2.136
Anyconnect Secure Mobility Client
Version 2.2.140
Anyconnect Secure Mobility Client
Version 2.2
Running on/withPlatform Versions
Microsoft
Windows
All versions
Microsoft
Windows Mobile
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (14)

Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
US Government Resource
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.