CVE-2012-2493 in AnyConnect Secure Mobility Client
Summary
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.
Reservation
05/07/2012
Disclosure
06/20/2012
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 5577 | Cisco AnyConnect Secure Mobility Client VPN Downloader WebLaunch input validation | 20 | Proof-of-Concept | Official fix | CVE-2012-2493 |