CVE-2012-3088

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/78920
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/78920

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:::::::*
	cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.2.0:::::::*

History

21 Nov 2024, 01:40

Type	Values Removed	Values Added
References	~~() http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html -~~	() http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/78920 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/78920 -

Information

Published : 2012-09-16 10:34

Updated : 2024-11-21 01:40

NVD link : CVE-2012-3088

Mitre link : CVE-2012-3088

CVE.ORG link : CVE-2012-3088

JSON object : View

Products Affected

cisco

anyconnect_secure_mobility_client

CWE

NVD-CWE-noinfo

{"id": "CVE-2012-3088", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-09-16T10:34:50.580", "references": [{"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html", "source": "ykramarz@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78920", "source": "ykramarz@cisco.com"}, {"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78920", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166."}, {"lang": "es", "value": "Cisco AnyConnect Secure Mobility Client v3.1.x anteriores a v3.1.00495, y v3.2.x, no comprueba si la petici\u00f3n HTTP original contiene cabeceras ScanSafe, lo que permite a atacantes remotos a tener un impacto no determinado a trav\u00e9s de una petici\u00f3n manipulada, tambi\u00e9n conocido como Bug ID CSCua13166."}], "lastModified": "2024-11-21T01:40:12.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CFE1E12-CAEE-4CB5-8969-D6F92451F69B"}, {"criteria": "cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B18B5AB9-83E9-444E-94D1-EB10475D66E0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}