CVE-2012-2496

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client version 3.x before 3.0 MR7 on 64-bit Linux platforms

Description The issue is related to a Java applet in the VPN downloader implementation in the WebLaunch feature, which does not properly restrict the use of Java components. This allows remote attackers to execute arbitrary code via a crafted web site.

Recommendations For Cisco AnyConnect Secure Mobility Client version 3.x before 3.0 MR7 on 64-bit Linux platforms, update to version 3.0 MR7 or later to resolve the issue. As a temporary workaround, consider disabling the WebLaunch feature until a patch is available. Restrict access to the Java applet in the VPN downloader implementation to minimize the risk of exploitation.