CVE-2012-2499 — Cisco Anyconnect Secure Mobility Client vulnerability

CWE-3104 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.1%
top 66.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Anyconnect Secure Mobility Client
Timeline
PublishedAug 6
Latest updateMay 17

Description

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

â–¶NVDcisco/anyconnect_secure_mobility_client3.0, 3.0.0629, 3.0.07059+2

🔴Vulnerability Details

2
GHSA
GHSA-fr9x-25xx-fj42: The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3↗2022-05-17
â–¶
CVEList
CVE-2012-2499: The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3↗2012-08-06
â–¶

📋Vendor Advisories

1
Cisco
Cisco AnyConnect Secure Mobility Client IPsec Certificate Validation Vulnerability↗2012-08-09
â–¶
CVE-2012-2499 — Cisco vulnerability | cvebase