Lucene search
CiscoCVE-2012-2496HistoryJun 20, 2012 - 8:55 p.m.
CVE-2012-2496
2012-06-2020:55:02
CWE-20
cisco
web.nvd.nist.gov
30
cisco
anyconnect
vpn
downloader
remote code execution
java applet
vulnerability
cve-2012-2496
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.006
Percentile
77.8%
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.
Affected configurations
Node
ciscoanyconnect_secure_mobility_clientMatch3.0x64
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | anyconnect_secure_mobility_client | 3.0 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0:*:*:*:*:*:x64:* |
Related
cvelist
cvelist
CVE-2012-2496
2012-06-20 20:00:00
nvd
nvd
CVE-2012-2496
2012-06-20 20:55:02
prion
prion
Information disclosure
2012-06-20 20:55:00
cisco
cisco
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
2012-06-20 16:00:00
nessus
nessus
MS 2736233: Update Rollup for ActiveX Kill Bits (2736233)
2012-09-11 00:00:00
securityvulns
securityvulns
Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities
2012-08-27 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.006
Percentile
77.8%
Related for CVE-2012-2496