// For flags

CVE-2012-2500

 

Severity Score

4.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.

Cisco AnyConnect Secure Mobility Client 3.0 anteriores a v3.0.08057 no verifica el nombre del certificado en un X.509 durante WebLaunch de IPsec, lo que permitiría atacantes de hombre en medio (man-in-the-middle a espiar servidores a través de un certificado manipulado, también conocido como Bug ID CSCtz29470.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-07 CVE Reserved
  • 2012-08-06 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
3.0
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "3.0"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
3.0.0629
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "3.0.0629"
-
Affected
Cisco
Search vendor "Cisco"
Anyconnect Secure Mobility Client
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client"
3.0.07059
Search vendor "Cisco" for product "Anyconnect Secure Mobility Client" and version "3.0.07059"
-
Affected