Lucene search
HistoryAug 06, 2012 - 5:55 p.m.
CVE-2012-2498
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.4%
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
Affected configurations
Node
ciscoanyconnect_secure_mobility_clientMatch3.0
ORciscoanyconnect_secure_mobility_clientMatch3.0.0629
ORciscoanyconnect_secure_mobility_clientMatch3.0.07059
ORciscoanyconnect_secure_mobility_clientMatch3.0.08057
ORciscoanyconnect_secure_mobility_clientMatch3.0.08066
Related
prion
prion
Authentication flaw
2012-08-06 17:55:00
cve
cve
CVE-2012-2498
2022-10-03 16:15:36
nessus
nessus
Cisco AnyConnect Secure Mobility Client 3.1 < 3.1(495) MiTM
2012-08-13 00:00:00
Mac OS X : Cisco AnyConnect Secure Mobility Client 3.1 < 3.1(495) MiTM
2012-08-13 00:00:00
cisco
cisco
cvelist
cvelist
CVE-2012-2498
2022-10-03 16:15:36
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
6.3 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
36.4%
Related for NVD:CVE-2012-2498