4.3
CVE-2012-2495
- EPSS 0.22%
- Published 20.06.2012 20:55:02
- Last modified 11.04.2025 00:51:21
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Anyconnect Secure Mobility Client Version3.0
Cisco ≫ Secure Desktop Version <= 3.5.2008
Cisco ≫ Secure Desktop Version3.1
Cisco ≫ Secure Desktop Version3.1.1
Cisco ≫ Secure Desktop Version3.1.1.27
Cisco ≫ Secure Desktop Version3.1.1.33
Cisco ≫ Secure Desktop Version3.1.1.45
Cisco ≫ Secure Desktop Version3.2
Cisco ≫ Secure Desktop Version3.2.1
Cisco ≫ Secure Desktop Version3.3
Cisco ≫ Secure Desktop Version3.4
Cisco ≫ Secure Desktop Version3.4.1
Cisco ≫ Secure Desktop Version3.4.2
Cisco ≫ Secure Desktop Version3.4.2048
Cisco ≫ Secure Desktop Version3.5
Cisco ≫ Secure Desktop Version3.5.841
Cisco ≫ Secure Desktop Version3.5.1077
Cisco ≫ Secure Desktop Version3.5.2001
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.22% | 0.41 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.