CVE-2011-2039

high

Cisco

CVSS v3 Base Score

7.6

AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS Score

84.1%

Exploitation probability in 30 days

Top 1% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

Integrity

Availability

Published: June 2, 2011 (5459 days ago)

Last Modified: April 29, 2026

Vendor: Cisco

Source: NVD

Description

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.3.185 on Windows, and on Windows Mobile, downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a certain ActiveX control in vpnweb.ocx, aka Bug ID CSCsy00904.

CWE

CWE-20

Affected Products

cisco anyconnect secure mobility client

References

🔗 labs.idefense.com 🔗 osvdb.org 🔗 securityreason.com 🔗 www.cisco.com 🔗 www.kb.cert.org

CVE-2011-2039

Vulnerability Report

Description

CWE

Affected Products

References