CVE-2011-2041

The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
ciscoanyconnect_secure_mobility_client
𝑥
≤ 2.3.2016
ciscoanyconnect_secure_mobility_client
2.0
ciscoanyconnect_secure_mobility_client
2.1
ciscoanyconnect_secure_mobility_client
2.2
ciscoanyconnect_secure_mobility_client
2.2.128
ciscoanyconnect_secure_mobility_client
2.2.133
ciscoanyconnect_secure_mobility_client
2.2.136
ciscoanyconnect_secure_mobility_client
2.2.140
ciscoanyconnect_secure_mobility_client
2.3
ciscoanyconnect_secure_mobility_client
2.3.185
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/72716
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
http://www.securityfocus.com/bid/48077
http://www.securitytracker.com/id?1025591
http://osvdb.org/72716
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
http://www.securityfocus.com/bid/48077
http://www.securitytracker.com/id?1025591