Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-4655

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Published

2012-09-24T17:55:07.157

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	secure_desktop	3.1	Yes
Application	cisco	secure_desktop	3.1.1	Yes
Application	cisco	secure_desktop	3.1.1.27	Yes
Application	cisco	secure_desktop	3.1.1.33	Yes
Application	cisco	secure_desktop	3.1.1.45	Yes
Application	cisco	secure_desktop	3.2	Yes
Application	cisco	secure_desktop	3.2.1	Yes
Application	cisco	secure_desktop	3.3	Yes
Application	cisco	secure_desktop	3.4	Yes
Application	cisco	secure_desktop	3.4.1	Yes
Application	cisco	secure_desktop	3.4.2	Yes
Application	cisco	secure_desktop	3.4.2048	Yes
Application	cisco	secure_desktop	3.5	Yes
Application	cisco	secure_desktop	3.5.841	Yes
Application	cisco	secure_desktop	3.5.1077	Yes
Application	cisco	secure_desktop	3.5.2001	Yes
Application	cisco	secure_desktop	3.5.2008	Yes
Application	cisco	secure_desktop	3.6	Yes
Application	cisco	secure_desktop	3.6.181	Yes
Application	cisco	secure_desktop	3.6.185	Yes
Application	cisco	secure_desktop	3.6.1001	Yes
Application	cisco	secure_desktop	3.6.2002	Yes
Application	cisco	secure_desktop	3.6.3002	Yes
Application	cisco	secure_desktop	3.6.4021	Yes
Application	cisco	secure_desktop	3.6.5005	Yes

References

http://secunia.com/advisories/50669 ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/55606 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 ([email protected])
http://secunia.com/advisories/50669 (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/55606 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 (af854a3a-2127-422b-91ae-364da2661108)