CVE-2012-2493

EUVD-2012-2479
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
ciscoanyconnect_secure_mobility_client
2.0
ciscoanyconnect_secure_mobility_client
2.1
ciscoanyconnect_secure_mobility_client
2.2
ciscoanyconnect_secure_mobility_client
2.2.128
ciscoanyconnect_secure_mobility_client
2.2.133
ciscoanyconnect_secure_mobility_client
2.2.136
ciscoanyconnect_secure_mobility_client
2.2.140
ciscoanyconnect_secure_mobility_client
2.3
ciscoanyconnect_secure_mobility_client
2.3.185
ciscoanyconnect_secure_mobility_client
2.3.254
ciscoanyconnect_secure_mobility_client
2.3.2016
ciscoanyconnect_secure_mobility_client
2.4
ciscoanyconnect_secure_mobility_client
2.4.0202
ciscoanyconnect_secure_mobility_client
2.4.1012
ciscoanyconnect_secure_mobility_client
2.5
ciscoanyconnect_secure_mobility_client
2.0
ciscoanyconnect_secure_mobility_client
2.1
ciscoanyconnect_secure_mobility_client
2.2
ciscoanyconnect_secure_mobility_client
2.2.128
ciscoanyconnect_secure_mobility_client
2.2.133
ciscoanyconnect_secure_mobility_client
2.2.136
ciscoanyconnect_secure_mobility_client
2.2.140
ciscoanyconnect_secure_mobility_client
2.3
ciscoanyconnect_secure_mobility_client
2.3.185
ciscoanyconnect_secure_mobility_client
2.3.254
ciscoanyconnect_secure_mobility_client
2.3.2016
ciscoanyconnect_secure_mobility_client
2.4
ciscoanyconnect_secure_mobility_client
2.4.0202
ciscoanyconnect_secure_mobility_client
2.4.1012
ciscoanyconnect_secure_mobility_client
2.5
ciscoanyconnect_secure_mobility_client
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac