9.3
CVE-2012-4655
- EPSS 2.4%
- Published 24.09.2012 17:55:07
- Last modified 11.04.2025 00:51:21
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Secure Desktop Version3.1
Cisco ≫ Secure Desktop Version3.1.1
Cisco ≫ Secure Desktop Version3.1.1.27
Cisco ≫ Secure Desktop Version3.1.1.33
Cisco ≫ Secure Desktop Version3.1.1.45
Cisco ≫ Secure Desktop Version3.2
Cisco ≫ Secure Desktop Version3.2.1
Cisco ≫ Secure Desktop Version3.3
Cisco ≫ Secure Desktop Version3.4
Cisco ≫ Secure Desktop Version3.4.1
Cisco ≫ Secure Desktop Version3.4.2
Cisco ≫ Secure Desktop Version3.4.2048
Cisco ≫ Secure Desktop Version3.5
Cisco ≫ Secure Desktop Version3.5.841
Cisco ≫ Secure Desktop Version3.5.1077
Cisco ≫ Secure Desktop Version3.5.2001
Cisco ≫ Secure Desktop Version3.5.2008
Cisco ≫ Secure Desktop Version3.6
Cisco ≫ Secure Desktop Version3.6.181
Cisco ≫ Secure Desktop Version3.6.185
Cisco ≫ Secure Desktop Version3.6.1001
Cisco ≫ Secure Desktop Version3.6.2002
Cisco ≫ Secure Desktop Version3.6.3002
Cisco ≫ Secure Desktop Version3.6.4021
Cisco ≫ Secure Desktop Version3.6.5005
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.4% | 0.836 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.