NVD:CVE-2012-2495
History: Jun 20, 2012 - 8:55 p.m.

CVE-2012-2495

2012-06-20 20:55:02
CWE-20
web.nvd.nist.gov

CVSS2: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score: 6.6 Medium (Confidence: Low)

EPSS: 0.001 Low (Percentile: 46.0%)

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.

Affected configurations

NVD
Node
cisco anyconnect_secure_mobility_client Match 3.0
OR
cisco secure_desktop Range 3.5.2008
OR
cisco secure_desktop Match 3.1
OR
cisco secure_desktop Match 3.1.1
OR
cisco secure_desktop Match 3.1.1.27
OR
cisco secure_desktop Match 3.1.1.33
OR
cisco secure_desktop Match 3.1.1.45
OR
cisco secure_desktop Match 3.2
OR
cisco secure_desktop Match 3.2.1
OR
cisco secure_desktop Match 3.3
OR
cisco secure_desktop Match 3.4
OR
cisco secure_desktop Match 3.4.1
OR
cisco secure_desktop Match 3.4.2
OR
cisco secure_desktop Match 3.4.2048
OR
cisco secure_desktop Match 3.5
OR
cisco secure_desktop Match 3.5.841
OR
cisco secure_desktop Match 3.5.1077
OR
cisco secure_desktop Match 3.5.2001
