CVE-2012-3088 — Cisco Anyconnect Secure Mobility Client vulnerability

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

0.5%

top 34.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Anyconnect Secure Mobility Client

Timeline

PublishedSep 16

Latest updateMay 17

Description

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDcisco/anyconnect_secure_mobility_client3.1.0, 3.2.0+1

🔴Vulnerability Details

GHSA

GHSA-mvf6-4p6h-52hv: Cisco AnyConnect Secure Mobility Client 3↗2022-05-17

▶

CVEList

CVE-2012-3088: Cisco AnyConnect Secure Mobility Client 3↗2012-09-16

▶