Vulnerability Description
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Anyconnect Secure Mobility Client | 3.1.0 |
References
- http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/rele
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78920
- http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/rele
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78920
FAQ
What is CVE-2012-3088?
CVE-2012-3088 is a vulnerability with a CVSS score of 9.3 (HIGH). Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspeci...
How severe is CVE-2012-3088?
CVE-2012-3088 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3088?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Anyconnect Secure Mobility Client.