Cisco: >> Secure Desktop >> 3.6.6228 Security Vulnerabilities
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
CVSS Score
9.3
EPSS Score
0.007
Published
2015-04-17
The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.
CVSS Score
9.3
EPSS Score
0.024
Published
2011-02-28
A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
CVSS Score
9.3
EPSS Score
0.045
Published
2011-02-25
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file.
CVSS Score
2.1
EPSS Score
0.001
Published
2010-10-14
Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.
CVSS Score
5.5
EPSS Score
0.001
Published
2006-10-18
The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session.
CVSS Score
2.1
EPSS Score
0.001
Published
2006-10-18