Cisco AnyConnect Secure Mobility Client 4.10.03104 for Windows

CPE Details

Cisco AnyConnect Secure Mobility Client 4.10.03104 for Windows
cisco
anyconnect_secure_mobility_client
4.10.03104
2021-11-05
10h17 +00:00
2021-12-03
15h46 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cisco:anyconnect_secure_mobility_client:4.10.03104:*:*:*:*:windows:*:*

Informations

Vendor

cisco

Product

anyconnect_secure_mobility_client

Version

4.10.03104

Target Software

windows

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-20178 2023-06-27 22h00 +00:00 A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.
7.8
High
CVE-2018-0100 2018-01-18 05h00 +00:00 A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341.
4.4
Medium