Executive Summary
| Summary | |
|---|---|
| Title | Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20120620-ac | First vendor Publication | 2012-06-20 |
| Vendor | Cisco | Last vendor Modification | 2012-09-19 |
| Severity (Vendor) | N/A | Revision | 2.0 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: * Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability * Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability * Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop Hostscan Downloader Software Downgrade Vulnerability * Cisco AnyConnect Secure Mobility Client 64-bit Java VPN Downloader Arbitrary Code Execution Vulnerability * Cisco Secure Desktop Arbitrary Code Execution Vulnerability Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Note: Revision 2.0 of this advisory corrects an inadvertent omission in the original advisory, which failed to list that the fixes also address a vulnerability in Cisco Secure Desktop, described by CVE-2012-4655. BEGIN PGP SIGNATURE Version: GnuPG v1.4.11 (GNU/Linux) iF4EAREIAAYFAlBZ8RsACgkQUddfH3/BbTrMXAD+KzDhX4MHl8balbQ1dcfDrmeu LwCqi3iKEPcAqHsa3sYBAI6GvgsZ99r1+5O3p7WBHGvWwcgRPQdAdSaWXznICylf =J7RB END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-09-12 | Name : Cisco Products ActiveX Control Multiple Vulnerabilities File : nvt/gb_cisco_prdts_activex_mult_vuln.nasl |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2012-06-28 | IAVM : 2012-A-0104 - Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client Severity : Category I - VMSKEY : V0033046 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-09-11 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_kb_2736233.nasl - Type : ACT_GATHER_INFO |
| 2012-07-02 | Name : The remote host has software installed that is affected by a software downgra... File : cisco_anyconnect_vpn_downgrade.nasl - Type : ACT_GATHER_INFO |
| 2012-07-02 | Name : The remote host has software installed that is affected by an arbitrary code ... File : cisco_anyconnect_vpn_downloader_code_execution.nasl - Type : ACT_GATHER_INFO |
| 2012-07-02 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : cisco_anyconnect_vpn_hostscan_downgrade.nasl - Type : ACT_GATHER_INFO |
| 2012-07-02 | Name : The remote host has software installed that is affected by multiple vulnerabi... File : macosx_cisco_anyconnect_multiple.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-10-04 13:26:24 |
|
| 2014-02-17 10:22:04 |
|
| 2013-11-11 12:37:30 |
|
