CVE-2012-4655Improper Input Validation in Cisco Secure Desktop

CWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
9.3CRITICALNVD
EPSS
2.4%
top 14.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Secure Desktop
Timeline
PublishedSep 24
Latest updateMay 17

Description

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDcisco/secure_desktop25 versions+24

🔴Vulnerability Details

2
GHSA
GHSA-h48c-fg4r-j3m4: The WebLaunch feature in Cisco Secure Desktop before 32022-05-17
CVEList
CVE-2012-4655: The WebLaunch feature in Cisco Secure Desktop before 32012-09-24

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client2012-06-20
CVE-2012-4655 — Improper Input Validation in Cisco | cvebase