Lucene search
HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-2500
cisco
anyconnect
secure mobility client
x.509 certificate
weblaunch
ipsec
cve-2012-2500
nvd
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.9%
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
Affected configurations
Node
ciscoanyconnect_secure_mobility_clientMatch3.0
ORciscoanyconnect_secure_mobility_clientMatch3.0.0629
ORciscoanyconnect_secure_mobility_clientMatch3.0.07059
Related
cisco
cisco
cvelist
cvelist
CVE-2012-2500
2022-10-03 16:15:35
nvd
nvd
CVE-2012-2500
2012-08-06 17:55:01
prion
prion
Code injection
2012-08-06 17:55:00
nessus
nessus
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
6.4 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
27.9%
Related for CVE-2012-2500