CVE-2012-2500

EPSS 0.14%
Veröffentlicht 06.08.2012 17:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Anyconnect Secure Mobility Client Version3.0

Cisco ≫ Anyconnect Secure Mobility Client Version3.0.0629

Cisco ≫ Anyconnect Secure Mobility Client Version3.0.07059

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.302

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	4.9	4.9	AV:N/AC:H/Au:N/C:P/I:P/A:N

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect30/release/notes/anyconnect30rn.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2012-2500

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2500

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2500

EUVD