exploitDog

GHSA-fr9x-25xx-fj42

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

Описание

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

Ссылки

EPSS

Процентиль: 34%

0.00137

Низкий

CVE ID

Связанные уязвимости

CVE-2012-2499

nvd

больше 13 лет назад

The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.

EPSS

Процентиль: 34%

0.00137

Низкий

CVE ID