exploitDog

CVE-2012-2496

Опубликовано: 20 июн. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.

Ссылки

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0:*:*:*:*:*:x64:*

EPSS

Процентиль: 78%

0.01113

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-v4v3-hfpw-74cj

github

больше 3 лет назад

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.

EPSS

Процентиль: 78%

0.01113

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-20