Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.802459 |
Category: | CISCO |
Title: | Cisco Products ActiveX Control Multiple Vulnerabilities |
Summary: | This host is installed with Cisco ASMC/Hostscan/Secure Desktop or; Cisco ActiveX controls and is prone to multiple vulnerabilities. |
Description: | Summary: This host is installed with Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An insufficient validation of input by the Cisco AnyConnect Secure Mobility Client WebLaunch component - An improper sanitization of user-supplied input by the affected software's download feature Vulnerability Impact: Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Affected Software/OS: Cisco Hostscan version 3.x before 3.0 MR8 Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057) Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows Solution: Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062) and Cisco Secure Desktop 3.6.6020 or later. Workaround: Set the killbit for the following CLSIDs: {705ec6d4-b138-4079-a307-ef13e4889a82} {f8fc1530-0608-11df-2008-0800200c9a66} {e34f52fe-7769-46ce-8f8b-5e8abad2e9fc} {55963676-2f5e-4baf-ac28-cf26aa587566} {cc679cb8-dc4b-458b-b817-d447b3b6ac31} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 54107 BugTraq ID: 54108 Common Vulnerability Exposure (CVE) ID: CVE-2012-2493 Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Common Vulnerability Exposure (CVE) ID: CVE-2012-2494 Common Vulnerability Exposure (CVE) ID: CVE-2012-2495 |
Copyright | Copyright (C) 2012 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |