Описание
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0629:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.07059:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.08057:*:*:*:*:*:*:*
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.08066:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
EPSS
Процентиль: 29%
0.00103
Низкий
4 Medium
CVSS2
Дефекты
CWE-287