Secure Desktop

secure_desktop

Vendor: Cisco • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-0691 1Cisco 1Secure Desktop May 6, 2026 Apr 17, 2015 N/A· v4 N/A· v3 9.3 HIGH· v2 A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
CVE-2012-4655 1Cisco 1Secure Desktop Apr 29, 2026 Sep 24, 2012 N/A· v4 N/A· v3 9.3 HIGH· v2 The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving...Show more The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.Show less
CVE-2012-2495 1Cisco 2Anyconnect Secure Mobility Client Secure Desktop Apr 29, 2026 Jun 20, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of install...Show more The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.Show less
CVE-2011-0925 1Cisco 1Secure Desktop Apr 29, 2026 Feb 28, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying...Show more The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.Show less
CVE-2011-0926 1Cisco 1Secure Desktop Apr 29, 2026 Feb 25, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoof...Show more A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.Show less
CVE-2009-5008 1Cisco 1Secure Desktop Apr 29, 2026 Oct 14, 2010 N/A· v4 N/A· v3 2.1 LOW· v2 Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable fi...Show more Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.Show less
CVE-2010-0589 1Cisco 1Secure Desktop Apr 29, 2026 Apr 15, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execu...Show more The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure Desktop (CSD) before 3.5.841 does not properly verify the signatures of downloaded programs, which allows remote attackers to force the download and execution of arbitrary files via a crafted web page, aka Bug ID CSCta25876.Show less
CVE-2010-0440 1Cisco 2Adaptive Security Appliance Software Secure Desktop Apr 29, 2026 Feb 3, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers...Show more Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.Show less
CVE-2006-5808 1Cisco 1Secure Desktop Apr 23, 2026 Nov 8, 2006 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by repl...Show more The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation".Show less
CVE-2006-5807 1Cisco 1Secure Desktop Apr 23, 2026 Nov 8, 2006 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion".
CVE-2006-5806 1Cisco 1Secure Desktop Apr 23, 2026 Nov 8, 2006 N/A· v4 N/A· v3 2.1 LOW· v2 SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does...Show more SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data.Show less
CVE-2006-5394 1Cisco 1Secure Desktop Apr 23, 2026 Oct 18, 2006 N/A· v4 N/A· v3 2.1 LOW· v2 The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL...Show more The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.Show less
CVE-2006-5393 1Cisco 1Secure Desktop Apr 23, 2026 Oct 18, 2006 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user...Show more Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.Show less