CVE-2012-2494
Description
The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.
Risk Information
Base Score: 8.2 (MODERATE)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
EPSS Score (Exploitation Probability): 0.198
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.0 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.1 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.128 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.133 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.136 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.2.140 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.185 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.3.254 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Cisco AnyConnect Secure Mobility Client For Windows 2.5 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.0 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.1 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.128 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.133 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.136 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.2.140 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.185 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.2016 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.3.254 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.0202 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.4.1012 | Windows |
| Multiple Vulnerabilities are affected in Any Connect (Microsoft Store) 2.5 | Windows |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.0 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.1 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.128 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.133 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.136 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.2.140 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.185 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.2016 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3.254 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4.0202 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.4.1012 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.5 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2494,CVE-2012-2495,CVE-2012-2498 are affected in Cisco AnyConnect Secure Mobility Client for Mac 3.0 | Mac |
| Vulnerabilities CVE-2011-2040,CVE-2012-2493,CVE-2012-2494,CVE-2013-5559 are affected in Cisco AnyConnect Secure Mobility Client for Mac 2.3 | Mac |
| Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client For Cisco AnyConnect Secure Mobility Client | NCM |
| Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client For Cisco Secure Desktop | NCM |
| Improper Input Validation Vulnerability (CVE-2012-2494) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1705981 | Security Update for Cisco AnyConnect Secure Mobility Client 4.3(2034) |
| PATCH-1702090 | Security Update for Cisco Secure Desktop 3.1(3103) |
| PATCH-332488 | Cisco AnyConnect Secure Mobility Client (4.10.07073) |
| PATCH-606843 | Cisco AnyConnect Secure Mobility Client for Mac 4.10.08029 |