CVE-2012-2493 in AnyConnect Secure Mobility Clientinformación

Resumen (Inglés)

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservar

2012-05-07

Divulgación

2012-06-20

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
5577Cisco AnyConnect Secure Mobility Client VPN Downloader WebLaunch escalada de privilegios20Prueba de conceptoArreglo oficialCVE-2012-2493

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!