Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cisco Products ActiveX Control Multiple Vulnerabilities

🗓️ 12 Sep 2012 00:00:00Reported by Copyright (C) 2012 Greenbone Networks GmbHType 
openvas
 openvas🔗 plugins.openvas.org👁 28 Views

Cisco Products ActiveX Control Multiple Vulnerabilities. Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062) and Cisco Secure Desktop 3.6.6020 or later. Set the killbit for specific CLSIDs. Multiple flaws due to insufficient validation of input and improper sanitization of user-supplied input

Related
Refs
Code
ReporterTitlePublishedViews
Family
Cisco		Cisco AnyConnect Secure Mobility Client Software Downgrade Vulnerability
20 Jun 201217:16
cisco
Cisco		Cisco AnyConnect Secure Mobility Client and Secure Desktop WebLaunch Software Downgrade Vulnerability
20 Jun 201217:19
cisco
Tenable Nessus		Cisco AnyConnect Secure Mobility Client VPN Downgrade
2 Jul 201200:00
nessus
Tenable Nessus		Cisco AnyConnect Secure Mobility Client VPN Downloader RCE (cisco-sa-20120620-ac)
2 Jul 201200:00
nessus
Tenable Nessus		Cisco AnyConnect Secure Mobility Client 3.0 < 3.0 MR8 Multiple Vulnerabilities
2 Jul 201200:00
nessus
Tenable Nessus		MacOSX Cisco AnyConnect Secure Mobility Client Multiple Vulnerabilities
2 Jul 201200:00
nessus
Tenable Nessus		MS 2736233: Update Rollup for ActiveX Kill Bits (2736233)
11 Sep 201200:00
nessus
Check Point Advisories		Cisco AnyConnect VPN Client Software Downgrade Code Execution (CVE-2012-2494)
16 Dec 201200:00
checkpoint_advisories
CVE		CVE-2012-2493
20 Jun 201220:00
cve
CVE		CVE-2012-2494
20 Jun 201220:00
cve
Rows per page
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_cisco_prdts_activex_mult_vuln.nasl 7172 2017-09-18 11:07:34Z cfischer $
#
# Cisco Products ActiveX Control Multiple Vulnerabilities
#
# Authors:
# Antu Sanadi <[email protected]>
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_solution = "Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062)
  and Cisco Secure Desktop 3.6.6020 or later,
  http://www.cisco.com/

  Workaround:
  Set the killbit for the following CLSIDs,
  {705ec6d4-b138-4079-a307-ef13e4889a82}
  {f8fc1530-0608-11df-2008-0800200c9a66}
  {e34f52fe-7769-46ce-8f8b-5e8abad2e9fc}
  {55963676-2f5e-4baf-ac28-cf26aa587566}
  {cc679cb8-dc4b-458b-b817-d447b3b6ac31}

  *****
  NOTE: Ignore this warning, if upgraded to above mentioned versions.
  *****";

tag_impact = "Successful exploitation will let the remote attackers execute arbitrary code
  and can compromise a vulnerable system.
  Impact Level: System/Application";
tag_affected = "Cisco Hostscan version 3.x before 3.0 MR8
  Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057)
  Cisco AnyConnect Secure Mobility Client version
  2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows";
tag_insight = "Multiple flaws are due to,
  - An insufficient validation of input by the Cisco AnyConnect Secure Mobility
    Client WebLaunch component.
  - An improper sanitization of user-supplied input by the affected software's
    download feature.";
tag_summary = "This host is installed with Cisco ASMC/Hostscan/Secure Desktop or
  Cisco ActiveX controls and is prone to multiple vulnerabilities.";

if(description)
{
  script_id(802459);
  script_version("$Revision: 7172 $");
  script_cve_id("CVE-2012-2493", "CVE-2012-2494", "CVE-2012-2495");
  script_bugtraq_id(54107, 54108);
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"$Date: 2017-09-18 13:07:34 +0200 (Mon, 18 Sep 2017) $");
  script_tag(name:"creation_date", value:"2012-09-12 13:30:28 +0530 (Wed, 12 Sep 2012)");
  script_name("Cisco Products ActiveX Control Multiple Vulnerabilities");

  script_xref(name : "URL" , value : "http://technet.microsoft.com/en-us/security/advisory/2736233");
  script_xref(name : "URL" , value : "http://tools.cisco.com/security/center/viewAlert.x?alertId=26196");
  script_xref(name : "URL" , value : "http://tools.cisco.com/security/center/viewAlert.x?alertId=26197");
  script_xref(name : "URL" , value : "http://tools.cisco.com/security/center/viewAlert.x?alertId=26198");
  script_xref(name : "URL" , value : "http://tools.cisco.com/security/center/viewAlert.x?alertId=26199");
  script_xref(name : "URL" , value : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac");

  script_tag(name:"qod_type", value:"registry");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("secpod_reg_enum.nasl");
  script_mandatory_keys("SMB/WindowsVersion");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name : "solution" , value : tag_solution);
  exit(0);
}

include("smb_nt.inc");
include("secpod_activex.inc");

## Confirm Windows OS
if(!get_kb_item("SMB/WindowsVersion")){
  exit(0);
}

## CLSID List
clsids = make_list("{705ec6d4-b138-4079-a307-ef13e4889a82}",
                   "{f8fc1530-0608-11df-2008-0800200c9a66}",
                   "{e34f52fe-7769-46ce-8f8b-5e8abad2e9fc}",
                   "{55963676-2f5e-4baf-ac28-cf26aa587566}",
                   "{cc679cb8-dc4b-458b-b817-d447b3b6ac31}");

foreach clsid (clsids)
{
  ## Check if Kill-Bit is set
  if(is_killbit_set(clsid:clsid) == 0)
  {
    security_message(0);
    exit(0);
  }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
18 Sep 2017 00:00Current
0.8Low risk
Vulners AI Score0.8
EPSS0.01283
cisco productsactivex controlvulnerabilitiesanyconnecthostscansecure desktopupgradeclsidsremote attackersarbitrary codecompromiseinsufficient validationimproper sanitization.
28