CVE-2012-4655
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.
La funcionalidad WebLaunch en Cisco Secure Desktop antes de v3.6.6020 no valida adecuadamente los binarios recibidos por el proceso de descarga, lo que permite a cualquier atacante ejecutar código de su elección a través de vectores relacionados con (1) ActiveX o (2) componentes Java. El problema esta identificado con los Bug IDs CSCtz76128 y CSCtz78204.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-08-24 CVE Reserved
- 2012-09-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/50669 | Third Party Advisory | |
| http://www.securityfocus.com/bid/55606 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac | 2017-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.1 Search vendor "Cisco" for product "Secure Desktop" and version "3.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.1.1 Search vendor "Cisco" for product "Secure Desktop" and version "3.1.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.1.1.27 Search vendor "Cisco" for product "Secure Desktop" and version "3.1.1.27" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.1.1.33 Search vendor "Cisco" for product "Secure Desktop" and version "3.1.1.33" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.1.1.45 Search vendor "Cisco" for product "Secure Desktop" and version "3.1.1.45" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.2 Search vendor "Cisco" for product "Secure Desktop" and version "3.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.2.1 Search vendor "Cisco" for product "Secure Desktop" and version "3.2.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.3 Search vendor "Cisco" for product "Secure Desktop" and version "3.3" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.4 Search vendor "Cisco" for product "Secure Desktop" and version "3.4" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.4.1 Search vendor "Cisco" for product "Secure Desktop" and version "3.4.1" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.4.2 Search vendor "Cisco" for product "Secure Desktop" and version "3.4.2" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.4.2048 Search vendor "Cisco" for product "Secure Desktop" and version "3.4.2048" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.5 Search vendor "Cisco" for product "Secure Desktop" and version "3.5" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.5.841 Search vendor "Cisco" for product "Secure Desktop" and version "3.5.841" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.5.1077 Search vendor "Cisco" for product "Secure Desktop" and version "3.5.1077" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.5.2001 Search vendor "Cisco" for product "Secure Desktop" and version "3.5.2001" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.5.2008 Search vendor "Cisco" for product "Secure Desktop" and version "3.5.2008" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6 Search vendor "Cisco" for product "Secure Desktop" and version "3.6" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6.181 Search vendor "Cisco" for product "Secure Desktop" and version "3.6.181" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6.185 Search vendor "Cisco" for product "Secure Desktop" and version "3.6.185" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6.1001 Search vendor "Cisco" for product "Secure Desktop" and version "3.6.1001" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6.2002 Search vendor "Cisco" for product "Secure Desktop" and version "3.6.2002" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6.3002 Search vendor "Cisco" for product "Secure Desktop" and version "3.6.3002" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6.4021 Search vendor "Cisco" for product "Secure Desktop" and version "3.6.4021" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Secure Desktop Search vendor "Cisco" for product "Secure Desktop" | 3.6.5005 Search vendor "Cisco" for product "Secure Desktop" and version "3.6.5005" | - |
Affected
| ||||||