CVE-2012-2493

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
ciscoanyconnect_secure_mobility_client
2.0
ciscoanyconnect_secure_mobility_client
2.1
ciscoanyconnect_secure_mobility_client
2.2
ciscoanyconnect_secure_mobility_client
2.2.128
ciscoanyconnect_secure_mobility_client
2.2.133
ciscoanyconnect_secure_mobility_client
2.2.136
ciscoanyconnect_secure_mobility_client
2.2.140
ciscoanyconnect_secure_mobility_client
2.3
ciscoanyconnect_secure_mobility_client
2.3.185
ciscoanyconnect_secure_mobility_client
2.3.254
ciscoanyconnect_secure_mobility_client
2.3.2016
ciscoanyconnect_secure_mobility_client
2.4
ciscoanyconnect_secure_mobility_client
2.4.0202
ciscoanyconnect_secure_mobility_client
2.4.1012
ciscoanyconnect_secure_mobility_client
2.5
ciscoanyconnect_secure_mobility_client
2.0
ciscoanyconnect_secure_mobility_client
2.1
ciscoanyconnect_secure_mobility_client
2.2
ciscoanyconnect_secure_mobility_client
2.2.128
ciscoanyconnect_secure_mobility_client
2.2.133
ciscoanyconnect_secure_mobility_client
2.2.136
ciscoanyconnect_secure_mobility_client
2.2.140
ciscoanyconnect_secure_mobility_client
2.3
ciscoanyconnect_secure_mobility_client
2.3.185
ciscoanyconnect_secure_mobility_client
2.3.254
ciscoanyconnect_secure_mobility_client
2.3.2016
ciscoanyconnect_secure_mobility_client
2.4
ciscoanyconnect_secure_mobility_client
2.4.0202
ciscoanyconnect_secure_mobility_client
2.4.1012
ciscoanyconnect_secure_mobility_client
2.5
ciscoanyconnect_secure_mobility_client
3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac