CVE-2012-3088

Published: Sep 16, 2012Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

Affected (2)

Products: Cisco: Anyconnect Secure Mobility Client

1 product

Anyconnect Secure Mobility Client

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Anyconnect Secure Mobility Client	Version 3.1.0
Cisco Anyconnect Secure Mobility Client	Version 3.2.0

References (4)

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/78920

Source: psirt@cisco.com

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/78920

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.