CVE-2012-2496Improper Input Validation in Cisco Anyconnect Secure Mobility Client

CWE-20Improper Input ValidationCWE-94Code InjectionCWE-3995 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
1.1%
top 21.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Anyconnect Secure Mobility Client
Timeline
PublishedJun 20
Latest updateMay 17

Description

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v4v3-hfpw-74cj: A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 32022-05-17
CVEList
CVE-2012-2496: A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 32012-06-20

📋Vendor Advisories

2
Cisco
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability2012-06-20
Cisco
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client2012-06-20
CVE-2012-2496 — Improper Input Validation in Cisco | cvebase