PT-2012-4471 · Cisco · Cisco Anyconnect Secure Mobility Client

Published

2012-09-16

Updated

2017-08-29

CVE-2012-3094

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco AnyConnect Secure Mobility Client versions 3.1.x before 3.1.00495

Description The issue allows remote attackers to obtain sensitive information via vectors involving an invalid certificate. This occurs because the VPN downloader in the download install component accepts arbitrary X.509 server certificates without user interaction.

Recommendations For versions 3.1.x before 3.1.00495, update to version 3.1.00495 or later to resolve the issue.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2012-3094

Affected Products

Cisco Anyconnect Secure Mobility Client

PT-2012-4471 · Cisco · Cisco Anyconnect Secure Mobility Client

CVE-2012-3094

Weakness Enumeration

Related Identifiers

Affected Products

References · 3