The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.
Published: 2011-06-02T19:55:04.373
Last modified: 2025-04-11T00:51:21.963
Status: Deferred
CVSSv2: 7.6 (HIGH)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Exploitability score: 4.9
Impact score: 10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | cisco | anyconnect_secure_mobility_client | ≤ 2.3 | Yes |
Application | cisco | anyconnect_secure_mobility_client | 2.0 | Yes |
Application | cisco | anyconnect_secure_mobility_client | 2.1 | Yes |
Application | cisco | anyconnect_secure_mobility_client | 2.2 | Yes |
Application | cisco | anyconnect_secure_mobility_client | 2.2.128 | Yes |
Application | cisco | anyconnect_secure_mobility_client | 2.2.133 | Yes |
Application | cisco | anyconnect_secure_mobility_client | 2.2.136 | Yes |
Application | cisco | anyconnect_secure_mobility_client | 2.2.140 | Yes |
Operating System | microsoft | windows | * | No |
Operating System | microsoft | windows_mobile | * | No |