Lucene search

[email protected]NVD:CVE-2012-3094

HistorySep 16, 2012 - 10:34 a.m.

CVE-2012-3094

2012-09-1610:34:50

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

59.2%

JSON

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.

Affected configurations

Nvd

Node

ciscoanyconnect_secure_mobility_clientMatch3.1.0

AND

linuxlinux_kernel

VendorProductVersionCPE
ciscoanyconnect_secure_mobility_client3.1.0cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:*
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	anyconnect_secure_mobility_client	3.1.0	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:::::::*
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

exchange.xforce.ibmcloud.com/vulnerabilities/78916

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.2

Confidence

Low

EPSS

0.002

Percentile

59.2%

JSON

Related for NVD:CVE-2012-3094

prion1 cve1 cvelist1