Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-2493

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Published

2012-06-20T20:55:02.137

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	anyconnect_secure_mobility_client	2.0	Yes
Application	cisco	anyconnect_secure_mobility_client	2.1	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.128	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.133	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.136	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.140	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3.185	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3.254	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3.2016	Yes
Application	cisco	anyconnect_secure_mobility_client	2.4	Yes
Application	cisco	anyconnect_secure_mobility_client	2.4.0202	Yes
Application	cisco	anyconnect_secure_mobility_client	2.4.1012	Yes
Application	cisco	anyconnect_secure_mobility_client	2.5	Yes
Operating System	microsoft	windows	*	No
Application	cisco	anyconnect_secure_mobility_client	2.0	Yes
Application	cisco	anyconnect_secure_mobility_client	2.1	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.128	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.133	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.136	Yes
Application	cisco	anyconnect_secure_mobility_client	2.2.140	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3.185	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3.254	Yes
Application	cisco	anyconnect_secure_mobility_client	2.3.2016	Yes
Application	cisco	anyconnect_secure_mobility_client	2.4	Yes
Application	cisco	anyconnect_secure_mobility_client	2.4.0202	Yes
Application	cisco	anyconnect_secure_mobility_client	2.4.1012	Yes
Application	cisco	anyconnect_secure_mobility_client	2.5	Yes
Application	cisco	anyconnect_secure_mobility_client	3.0	Yes
Operating System	apple	mac_os_x	*	No
Operating System	linux	linux_kernel	*	No

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Vendor Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)