Lucene search
PRIOn knowledge basePRION:CVE-2012-2495HistoryJun 20, 2012 - 8:55 p.m.
Code injection
2012-06-2020:55:00
PRIOn knowledge base
www.prio-n.com
8
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.
Related
cvelist
cvelist
CVE-2012-2495
2022-10-03 16:15:35
nvd
nvd
CVE-2012-2495
2012-06-20 20:55:02
cisco
cisco
cve
cve
CVE-2012-2495
2022-10-03 16:15:35
openvas
openvas
Cisco Products ActiveX Control Multiple Vulnerabilities
2012-09-12 00:00:00
Cisco Products ActiveX Control Multiple Vulnerabilities
2012-09-12 00:00:00
nessus
nessus
MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities
2012-07-02 00:00:00
MS 2736233: Update Rollup for ActiveX Kill Bits (2736233)
2012-09-11 00:00:00
securityvulns
securityvulns
Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities
2012-08-27 00:00:00