Lucene search

[email protected]NVD:CVE-2012-3088

HistorySep 16, 2012 - 10:34 a.m.

CVE-2012-3088

2012-09-1610:34:50

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

74.2%

JSON

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

Affected configurations

Nvd

Node

ciscoanyconnect_secure_mobility_clientMatch3.1.0

ciscoanyconnect_secure_mobility_clientMatch3.2.0

VendorProductVersionCPE
ciscoanyconnect_secure_mobility_client3.1.0cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client3.2.0cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	anyconnect_secure_mobility_client	3.1.0	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:::::::*
cisco	anyconnect_secure_mobility_client	3.2.0	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.2.0:::::::*

References

www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

exchange.xforce.ibmcloud.com/vulnerabilities/78920

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.7

Confidence

Low

EPSS

0.004

Percentile

74.2%

JSON

Related for NVD:CVE-2012-3088

cvelist1 prion1 cve1