CVE-2012-2494

2012-06-2020:55:02

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.002

Percentile

59.1%

JSON

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.

Affected configurations

Nvd

Node

ciscoanyconnect_secure_mobility_clientMatch2.0

ciscoanyconnect_secure_mobility_clientMatch2.1

ciscoanyconnect_secure_mobility_clientMatch2.2

ciscoanyconnect_secure_mobility_clientMatch2.2.128

ciscoanyconnect_secure_mobility_clientMatch2.2.133

ciscoanyconnect_secure_mobility_clientMatch2.2.136

ciscoanyconnect_secure_mobility_clientMatch2.2.140

ciscoanyconnect_secure_mobility_clientMatch2.3

ciscoanyconnect_secure_mobility_clientMatch2.3.185

ciscoanyconnect_secure_mobility_clientMatch2.3.254

ciscoanyconnect_secure_mobility_clientMatch2.3.2016

ciscoanyconnect_secure_mobility_clientMatch2.4

ciscoanyconnect_secure_mobility_clientMatch2.4.0202

ciscoanyconnect_secure_mobility_clientMatch2.4.1012

ciscoanyconnect_secure_mobility_clientMatch2.5

ciscoanyconnect_secure_mobility_clientMatch3.0

VendorProductVersionCPE
ciscoanyconnect_secure_mobility_client2.0cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.1cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.128cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.133cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.136cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.2.140cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.185cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:*:*:*:*:*:*:*
ciscoanyconnect_secure_mobility_client2.3.254cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.254:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	anyconnect_secure_mobility_client	2.0	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.0:::::::*
cisco	anyconnect_secure_mobility_client	2.1	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.1:::::::*
cisco	anyconnect_secure_mobility_client	2.2	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2:::::::*
cisco	anyconnect_secure_mobility_client	2.2.128	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.128:::::::*
cisco	anyconnect_secure_mobility_client	2.2.133	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.133:::::::*
cisco	anyconnect_secure_mobility_client	2.2.136	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.136:::::::*
cisco	anyconnect_secure_mobility_client	2.2.140	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.2.140:::::::*
cisco	anyconnect_secure_mobility_client	2.3	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3:::::::*
cisco	anyconnect_secure_mobility_client	2.3.185	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.185:::::::*
cisco	anyconnect_secure_mobility_client	2.3.254	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:2.3.254:::::::*