Lucene search

[email protected]CVE-2012-3088

HistorySep 16, 2012 - 10:34 a.m.

CVE-2012-3088

2012-09-1610:34:50

[email protected]

web.nvd.nist.gov

cve-2012-3088

cisco anyconnect

secure mobility client

http request

scansafe headers

remote attackers

bug id cscua13166

nvd

6.9 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.1%

JSON

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

Affected configurations

NVD

Node

ciscoanyconnect_secure_mobility_clientMatch3.1.0

ciscoanyconnect_secure_mobility_clientMatch3.2.0

CPENameOperatorVersion
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq3.1.0
cisco:anyconnect_secure_mobility_clientcisco anyconnect secure mobility clienteq3.2.0

CPE	Name	Operator	Version
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	3.1.0
cisco:anyconnect_secure_mobility_client	cisco anyconnect secure mobility client	eq	3.2.0

References

www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

exchange.xforce.ibmcloud.com/vulnerabilities/78920

6.9 Medium

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

74.1%

JSON

Related for CVE-2012-3088

prion1 nvd1 cvelist1