Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 9.3
CVE Id CVE-2012-2493
Last Modified 21 Jun 2012 12:00:00
Published 20 Jun 2012 04:55:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2493

Summary

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Vulnerable Systems

Application

  • Cisco AnyConnect Secure Mobility Client 2.0
  • Cisco AnyConnect Secure Mobility Client 2.1
  • Cisco AnyConnect Secure Mobility Client 2.2
  • Cisco AnyConnect Secure Mobility Client 2.2.128
  • Cisco AnyConnect Secure Mobility Client 2.2.133
  • Cisco AnyConnect Secure Mobility Client 2.2.136
  • Cisco AnyConnect Secure Mobility Client 2.2.140
  • Cisco AnyConnect Secure Mobility Client 2.3
  • Cisco AnyConnect Secure Mobility Client 2.3.185
  • Cisco AnyConnect Secure Mobility Client 2.3.2016
  • Cisco AnyConnect Secure Mobility Client 2.3.254
  • Cisco AnyConnect Secure Mobility Client 2.4
  • Cisco AnyConnect Secure Mobility Client 2.4.0202
  • Cisco AnyConnect Secure Mobility Client 2.4.1012
  • Cisco AnyConnect Secure Mobility Client 2.5
  • Cisco AnyConnect Secure Mobility Client 3.0


References

CISCO - 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client


Last Updated: 27 May 2016 10:56:33