CVE-2011-2039

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

Published: Jun 2, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2039
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / anyconnect_secure_mobility_client	-	2.3.x
cisco / anyconnect_secure_mobility_client	2.0	2.0.x
cisco / anyconnect_secure_mobility_client	2.1	2.1.x
cisco / anyconnect_secure_mobility_client	2.2	2.2.x
cisco / anyconnect_secure_mobility_client	2.2.128	2.2.128.x
cisco / anyconnect_secure_mobility_client	2.2.133	2.2.133.x
cisco / anyconnect_secure_mobility_client	2.2.136	2.2.136.x
cisco / anyconnect_secure_mobility_client	2.2.140	2.2.140.x

Vulnerability Database

289,784

CVE-2011-2039