CVE-2012-2493
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD
Description
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
Affected (16)
Products: Cisco: Anyconnect Secure Mobility Client
Configuration A
| Running on/with | Platform Versions |
|---|---|
Microsoft Windows | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 2.0 |
| Running on/with | Platform Versions |
|---|---|
Apple Mac Os X | All versions |
Linux Linux Kernel | All versions |
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.