Lucene search
CiscoCVE-2012-3094HistorySep 16, 2012 - 10:34 a.m.
CVE-2012-3094
2012-09-1610:34:50
CWE-200
cisco
web.nvd.nist.gov
21
cisco
anyconnect
secure mobility client
vpn
downloader
linux
vulnerability
cve-2012-3094
nvd
bug id cscua11967
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.002
Percentile
59.2%
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.
Affected configurations
Node
ciscoanyconnect_secure_mobility_clientMatch3.1.0
linuxlinux_kernel
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | anyconnect_secure_mobility_client | 3.1.0 | cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2012-09-16 10:34:00
nvd
nvd
CVE-2012-3094
2012-09-16 10:34:50
cvelist
cvelist
CVE-2012-3094
2012-09-16 10:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.3
Confidence
Low
EPSS
0.002
Percentile
59.2%
Related for CVE-2012-3094