Cisco Secure Desktop 3.5.2001

CPE Details

Cisco Secure Desktop 3.5.2001
cisco
secure_desktop
3.5.2001
2012-06-21
13h36 +00:00
2012-08-24
17h55 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cisco:secure_desktop:3.5.2001:*:*:*:*:*:*:*

Informations

Vendor

cisco

Product

secure_desktop

Version

3.5.2001

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2015-0691 2015-04-16 23h00 +00:00 A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
9.3
CVE-2012-4655 2012-09-24 15h00 +00:00 The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
9.3
CVE-2012-2495 2012-06-20 20h00 +00:00 The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.
4.3
CVE-2011-0925 2011-02-28 14h00 +00:00 The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.
9.3
CVE-2011-0926 2011-02-25 16h00 +00:00 A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
9.3
CVE-2009-5008 2010-10-12 21h00 +00:00 Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.
2.1
CVE-2006-5393 2006-10-18 17h00 +00:00 Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
2.1
CVE-2006-5394 2006-10-18 17h00 +00:00 The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.
2.1