CVE-2012-2498

2022-10-0316:15:36

CWE-287

[email protected]

web.nvd.nist.gov

168

cisco

anyconnect

secure mobility client

authentication

vulnerability

cve-2012-2498

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

36.4%

JSON

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

Affected configurations

NVD

Node

ciscoanyconnect_secure_mobility_clientMatch3.0

ciscoanyconnect_secure_mobility_clientMatch3.0.0629

ciscoanyconnect_secure_mobility_clientMatch3.0.07059

ciscoanyconnect_secure_mobility_clientMatch3.0.08057

ciscoanyconnect_secure_mobility_clientMatch3.0.08066

CPENameOperatorVersion
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq3.0
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq3.0.0629
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq3.0.07059
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq3.0.08057
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq3.0.08066

CPE	Name	Operator	Version
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	3.0
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	3.0.0629
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	3.0.07059
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	3.0.08057
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	3.0.08066