CVE-2011-2039 - OpenCVE

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:H/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Anyconnect Secure Mobility Client
Microsoft	Windows Windows Mobile

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:anyconnect_secure_mobility_client::::::::
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:::::::*

OR	cpe:2.3:o:microsoft:windows::::::::
	cpe:2.3:o:microsoft:windows_mobile::::::::

References

Link	Resource
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909
http://osvdb.org/72714
http://securityreason.com/securityalert/8272
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml	Vendor Advisory
http://www.kb.cert.org/vuls/id/490097	US Government Resource
http://www.securitytracker.com/id?1025591
https://exchange.xforce.ibmcloud.com/vulnerabilities/67739

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2011-06-02T19:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2011-05-10T00:00:00

Link: CVE-2011-2039

JSON object: View

NVD Information

Status : Modified

Published: 2011-06-02T19:55:04.373

Modified: 2017-08-29T01:29:15.720

Link: CVE-2011-2039

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-01T00:00:00", "descriptions": [{"lang": "en", "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "72714", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/72714"}, {"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"}, {"name": "8272", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8272"}, {"name": "1025591", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1025591"}, {"name": "VU#490097", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/490097"}, {"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability", "tags": ["third-party-advisory", "x_refsource_IDEFENSE"], "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"}, {"name": "cisco-asmc-helper-code-execution(67739)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2011-2039", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72714", "refsource": "OSVDB", "url": "http://osvdb.org/72714"}, {"name": "20110601 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "refsource": "CISCO", "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"}, {"name": "8272", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8272"}, {"name": "1025591", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025591"}, {"name": "VU#490097", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/490097"}, {"name": "20110601 Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability", "refsource": "IDEFENSE", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"}, {"name": "cisco-asmc-helper-code-execution(67739)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2011-2039", "datePublished": "2011-06-02T19:00:00", "dateReserved": "2011-05-10T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "29845E2B-0BED-4C8F-8A41-260D6E9ECB1B", "versionEndIncluding": "2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "6B522088-2084-491B-98F0-3E3CCD88131F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "DA179B71-AC81-4587-8FB1-0466B2550975", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "210B66BB-4E2C-4D9E-BFBB-69916A42287C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*", "matchCriteriaId": "B77EB2C9-BACE-46EA-AA72-FF1C7EB1A5F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*", "matchCriteriaId": "06527370-E73A-40FF-8E02-E0337536C7C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*", "matchCriteriaId": "A617295C-F518-4BC7-8442-E476448D8F01", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*", "matchCriteriaId": "E71A1D6B-8E87-4E3A-A1AE-DE44C2C348F9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*", "matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904."}, {"lang": "es", "value": "La aplicaci\u00f3n de ayuda en Cisco Secure Mobility AnyConnect Client (anteriormente AnyConnect VPN Client) antes de v2.3.185 para Windows y Windows Mobile, descarga un archivo de cliente ejecutable, sin verificar su autenticidad, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario por suplantaci\u00f3n de identidad del servidor VPN. Error tambi\u00e9n conocido como Bug ID CSCsy00904."}], "id": "CVE-2011-2039", "lastModified": "2017-08-29T01:29:15.720", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.6, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-02T19:55:04.373", "references": [{"source": "ykramarz@cisco.com", "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=909"}, {"source": "ykramarz@cisco.com", "url": "http://osvdb.org/72714"}, {"source": "ykramarz@cisco.com", "url": "http://securityreason.com/securityalert/8272"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml"}, {"source": "ykramarz@cisco.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/490097"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id?1025591"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67739"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}