CVE-2012-2498

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client versions 3.0 through 3.0.08066

Description The issue allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, as the authentication does not make use of a legitimate certificate.

Recommendations For versions 3.0 through 3.0.08066, ensure that authentication uses a legitimate certificate to prevent man-in-the-middle attacks. As a temporary workaround, consider verifying the server certificate manually until a patch is available.