CVE-2012-3094

Published: Sep 16, 2012Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.

Affected (1)

Products: Cisco: Anyconnect Secure Mobility Client

1 product

Anyconnect Secure Mobility Client

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Anyconnect Secure Mobility Client	Version 3.1.0

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/78916

Source: psirt@cisco.com

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/78916

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.