CVE-2012-2498Improper Authentication in Cisco Anyconnect Secure Mobility Client

CWE-287Improper AuthenticationCWE-3104 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.1%
top 71.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Anyconnect Secure Mobility Client
Timeline
PublishedAug 6
Latest updateMay 17

Description

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-j35p-59jh-58v4: Cisco AnyConnect Secure Mobility Client 32022-05-17
CVEList
CVE-2012-2498: Cisco AnyConnect Secure Mobility Client 32012-08-06

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client Man-in-the-Middle Attack Vulnerability2012-08-09
CVE-2012-2498 — Improper Authentication in Cisco | cvebase