This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote host has software installed that is affected by multiple
The remote host has a version of Cisco AnyConnect 2.x or 3.x prior to
3.0(629) and is, therefore, affected by the following vulnerabilities :
- When the client is obtained from the VPN headend using
a web browser, a helper application performs the
download and installation. This helper application does
not verify the authenticity of the downloaded installer,
which could allow an attacker to send malicious code to
the user instead. Note 2.x versions prior to 2.5.3041
are affected by this vulnerability. (CVE-2011-2040)
- When the VPNAPI COM module calls the ATL framework,
certain input data are not properly validated. This
could allow a buffer overflow, which could lead to
arbitrary code execution. (CVE-2013-5559)
See also :
Upgrade to Cisco AnyConnect Secure Mobility Client 3.0(629) or
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true
Family: MacOS X Local Security Checks
Nessus Plugin ID: 71465 ()
Bugtraq ID: 4808163491
CVE ID: CVE-2011-2040CVE-2013-5559
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.