Cisco AnyConnect Secure Mobility Client 2.x / 3.x < 3.0(629) ATL Buffer Overflow

High Nessus Plugin ID 71464


The remote host has software installed that is affected by a buffer overflow vulnerability.


The remote host has a version of Cisco AnyConnect 2.x or 3.x prior to 3.0(629). As such, when the VPNAPI COM module calls the ATL framework, certain input data is not properly validated, which could allow a buffer overflow. This error could lead to arbitrary code execution.


Upgrade to Cisco AnyConnect Secure Mobility Client 3.0(629) or later.

Plugin Details

Severity: High

ID: 71464

File Name: cisco_anyconnect_3_0_629.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2013/12/16

Modified: 2017/04/27

Dependencies: 54953

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:anyconnect_secure_mobility_client

Required KB Items: SMB/cisco_anyconnect/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2013/11/04

Vulnerability Publication Date: 2013/11/01

Reference Information

CVE: CVE-2013-5559

BID: 63491

OSVDB: 99258