CVE-2012-2496 — MEDIUM (6.8)

Vulnerability Description

A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.

CVSS Score

6.8

MEDIUM

AV:N/AC:M/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Cisco	Anyconnect Secure Mobility Client	3.0

Related Weaknesses (CWE)

CWE-20

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20Vendor Advisory

FAQ

What is CVE-2012-2496?

CVE-2012-2496 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict u...

How severe is CVE-2012-2496?

CVE-2012-2496 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2496?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Anyconnect Secure Mobility Client.