Lucene search
CiscoCVELIST:CVE-2012-2495HistoryOct 03, 2022 - 4:15 p.m.
CVE-2012-2495
2022-10-0316:15:35
cisco
www.cve.org
1
hostscan downloader implementation
cisco anyconnect secure mobility client
version downgrade
activex
java
remote attack
signed code
bug id csctx74235
The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.
Related
cisco
cisco
cve
cve
CVE-2012-2495
2022-10-03 16:15:35
prion
prion
Code injection
2012-06-20 20:55:00
nvd
nvd
CVE-2012-2495
2012-06-20 20:55:02
nessus
nessus
MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities
2012-07-02 00:00:00
MS 2736233: Update Rollup for ActiveX Kill Bits (2736233)
2012-09-11 00:00:00
openvas
openvas
Cisco Products ActiveX Control Multiple Vulnerabilities
2012-09-12 00:00:00
Cisco Products ActiveX Control Multiple Vulnerabilities
2012-09-12 00:00:00
securityvulns
securityvulns
Cisco AnyConnect Secure Mobility Client multiple security vulnerabilities
2012-08-27 00:00:00