VIR Vulnerability Intelligence Relay

CVE-2013-5559

medium
Published 2013-11-04 · Modified 2026-04-29
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

Buffer overflow in the Active Template Library (ATL) framework in the VPNAPI COM module in Cisco AnyConnect Secure Mobility Client 2.x allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document, aka Bug ID CSCuj58139.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5559

Application impact
VendorProductVersionsFixed
cisco ciscoanyconnect_secure_mobility_client2.0
cisco ciscoanyconnect_secure_mobility_client2.1
cisco ciscoanyconnect_secure_mobility_client2.2
cisco ciscoanyconnect_secure_mobility_client2.2.128
cisco ciscoanyconnect_secure_mobility_client2.2.133
cisco ciscoanyconnect_secure_mobility_client2.2.136
cisco ciscoanyconnect_secure_mobility_client2.2.140
cisco ciscoanyconnect_secure_mobility_client2.3
cisco ciscoanyconnect_secure_mobility_client2.3.185
cisco ciscoanyconnect_secure_mobility_client2.3.254
cisco ciscoanyconnect_secure_mobility_client2.3.2016
cisco ciscoanyconnect_secure_mobility_client2.4
cisco ciscoanyconnect_secure_mobility_client2.4.0202
cisco ciscoanyconnect_secure_mobility_client2.4.1012
cisco ciscoanyconnect_secure_mobility_client2.4.4004
cisco ciscoanyconnect_secure_mobility_client2.4.4014
cisco ciscoanyconnect_secure_mobility_client2.4.5004
cisco ciscoanyconnect_secure_mobility_client2.4.7030
cisco ciscoanyconnect_secure_mobility_client2.4.7073
cisco ciscoanyconnect_secure_mobility_client2.5
cisco ciscoanyconnect_secure_mobility_client2.5.0217
cisco ciscoanyconnect_secure_mobility_client2.5.1025
cisco ciscoanyconnect_secure_mobility_client2.5.2001
cisco ciscoanyconnect_secure_mobility_client2.5.2006
cisco ciscoanyconnect_secure_mobility_client2.5.2010
cisco ciscoanyconnect_secure_mobility_client2.5.2011
cisco ciscoanyconnect_secure_mobility_client2.5.2014
cisco ciscoanyconnect_secure_mobility_client2.5.2017
cisco ciscoanyconnect_secure_mobility_client2.5.2018
cisco ciscoanyconnect_secure_mobility_client2.5.2019
cisco ciscoanyconnect_secure_mobility_client2.5.3041
cisco ciscoanyconnect_secure_mobility_client2.5.3046
cisco ciscoanyconnect_secure_mobility_client2.5.3051
cisco ciscoanyconnect_secure_mobility_client2.5.3054
cisco ciscoanyconnect_secure_mobility_client2.5.3055
cisco ciscoanyconnect_secure_mobility_client2.5.5112
cisco ciscoanyconnect_secure_mobility_client2.5.5116
cisco ciscoanyconnect_secure_mobility_client2.5.5118
cisco ciscoanyconnect_secure_mobility_client2.5.5125
cisco ciscoanyconnect_secure_mobility_client2.5.5130
cisco ciscoanyconnect_secure_mobility_client2.5.5131
cisco ciscoanyconnect_secure_mobility_client2.5.6005

References

CWEs

CWE-119

Verify integrity in audit chain (admin only). AS-IS.