Home

CVE-2012-2493

Description

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Risk Information

Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.283

Associated Vulnerability

VulnerabilityOS Platform
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.0Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.1Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.128Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.133Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.136Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.140Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.185Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.2016Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.254Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.0202Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.1012Windows
Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5Windows
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.0Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.1Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.128Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.133Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.136Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.140Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.185Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.2016Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.254Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4.0202Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4.1012Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.5Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.0Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.1Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.128Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.133Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.136Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.140Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.185Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.2016Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.254Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4.0202Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4.1012Mac
Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.5Mac
Improper Input Validation Vulnerability (CVE-2012-2493)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029
PATCH-606843Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234