PT-2012-4063 · Linux+3 · Linux+3
Publicado
2012-06-20
·
Atualizado
2012-08-22
·
CVE-2012-2493
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco AnyConnect Secure Mobility Client versions 2.x through 2.5 MR5 on Windows
Cisco AnyConnect Secure Mobility Client versions 2.x through 2.5 MR5 on Mac OS X and Linux
Cisco AnyConnect Secure Mobility Client versions 3.x through 3.0 MR7 on Mac OS X and Linux
Description
The issue is related to the VPN downloader implementation in the WebLaunch feature, which does not properly validate received binaries. This allows remote attackers to execute arbitrary code via vectors involving ActiveX or Java components.
Recommendations
For Cisco AnyConnect Secure Mobility Client version 2.x on Windows, update to version 2.5 MR6 or later.
For Cisco AnyConnect Secure Mobility Client version 2.x on Mac OS X and Linux, update to version 2.5 MR6 or later.
For Cisco AnyConnect Secure Mobility Client version 3.x on Mac OS X and Linux, update to version 3.0 MR8 or later.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Anyconnect Secure Mobility Client
Linux
Macos X
Windows