CVE-2011-2041

EUVD-2011-2035
The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.254 on Windows, and on Windows Mobile, allows local users to gain privileges via unspecified user-interface interaction, aka Bug ID CSCta40556.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 19%
Affected Products (NVD)
VendorProductVersion
ciscoanyconnect_secure_mobility_client
𝑥
≤ 2.3.2016
ciscoanyconnect_secure_mobility_client
2.0
ciscoanyconnect_secure_mobility_client
2.1
ciscoanyconnect_secure_mobility_client
2.2
ciscoanyconnect_secure_mobility_client
2.2.128
ciscoanyconnect_secure_mobility_client
2.2.133
ciscoanyconnect_secure_mobility_client
2.2.136
ciscoanyconnect_secure_mobility_client
2.2.140
ciscoanyconnect_secure_mobility_client
2.3
ciscoanyconnect_secure_mobility_client
2.3.185
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/72716
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
http://www.securityfocus.com/bid/48077
http://www.securitytracker.com/id?1025591
http://osvdb.org/72716
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
http://www.securityfocus.com/bid/48077
http://www.securitytracker.com/id?1025591