CVE-2012-2493 in Cisco AnyConnect Secure Mobility Clientinfo

Zusammenfassung (Englisch)

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Reservieren

07.05.2012

Veröffentlichung

20.06.2012

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
5577	Cisco AnyConnect Secure Mobility Client VPN Downloader WebLaunch erweiterte Rechte	20	Proof-of-Concept	Offizieller Fix	CVE-2012-2493

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!