CVE-2011-2041

Published Jun 2, 2011

Last updated 13 years ago

CVSS info 7.2

Overview

Description: The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5E277CA-0339-4883-B846-1996DBB3ECB8",
            "versionEndIncluding": "2.3.2016"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B522088-2084-491B-98F0-3E3CCD88131F"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA179B71-AC81-4587-8FB1-0466B2550975"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "210B66BB-4E2C-4D9E-BFBB-69916A42287C"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B77EB2C9-BACE-46EA-AA72-FF1C7EB1A5F4"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06527370-E73A-40FF-8E02-E0337536C7C1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A617295C-F518-4BC7-8442-E476448D8F01"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E71A1D6B-8E87-4E3A-A1AE-DE44C2C348F9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8AD6158-17AB-443D-8EC1-5FDE5852CAEC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BBF395D-9E90-44C1-8E99-3631FFF24487"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_mobile:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D553418E-61B6-4BCA-9260-693260A9BB86"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References