Details of VAR-201206-0087

ID

VAR-201206-0087

CVE

CVE-2012-2495

TITLE

Cisco AnyConnect Secure Mobility Client and Cisco Secure Desktop Vulnerabilities forced to downgrade

Trust: 0.8

sources: JVNDB: JVNDB-2012-002812

DESCRIPTION

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235. This older version of the client software may contain vulnerabilities which can be exploited by the attacker to perform further attacks. These issues are tracked by Cisco Bug IDs CSCtw48681 and CSCtx74235. Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. The vulnerability stems from not comparing the software timestamp provided by the installed software timestamp. Also known as Bug ID CSCtx74235

Trust: 1.98

sources: NVD: CVE-2012-2495 // JVNDB: JVNDB-2012-002812 // BID: 54108 // VULHUB: VHN-55776

AFFECTED PRODUCTS

vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.5.1077	Trust: 1.9
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.5.841	Trust: 1.9
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1	Trust: 1.9
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.2	Trust: 1.9
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1	Trust: 1.9
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.5	Trust: 1.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.3	Trust: 1.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.2.1	Trust: 1.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.5.2001	Trust: 1.6
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4.2048	Trust: 1.3
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1.45	Trust: 1.3
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1.33	Trust: 1.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0	Trust: 1.3
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4.1	Trust: 1.0
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4.2	Trust: 1.0
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.4	Trust: 1.0
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.1.1.27	Trust: 1.0
vendor:	cisco	model:	secure desktop	scope:	lte	version:	3.5.2008	Trust: 1.0
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0 mr8	Trust: 0.8
vendor:	cisco	model:	anyconnect secure mobility client	scope:	lt	version:	3.x	Trust: 0.8
vendor:	cisco	model:	secure desktop	scope:	eq	version:	3.5.2008	Trust: 0.6
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	3.0.629	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3046	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5.3041	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.5	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.254	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3.185	Trust: 0.3
vendor:	cisco	model:	anyconnect secure mobility client	scope:	eq	version:	2.3	Trust: 0.3

sources: BID: 54108 // JVNDB: JVNDB-2012-002812 // CNNVD: CNNVD-201206-375 // NVD: CVE-2012-2495

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2495
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-2495
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201206-375
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-55776
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-2495
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-55776
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-55776 // JVNDB: JVNDB-2012-002812 // CNNVD: CNNVD-201206-375 // NVD: CVE-2012-2495

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-55776 // JVNDB: JVNDB-2012-002812 // NVD: CVE-2012-2495

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201206-375

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201206-375

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-002812

PATCH

title:	cisco-sa-20120620-ac	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac	Trust: 0.8
title:	26198	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=26198	Trust: 0.8
title:	Update Rollup for ActiveX Kill Bits (2736233)	url:	http://technet.microsoft.com/en-us/security/advisory/2736233	Trust: 0.8
title:	Java SE Development Kit 7, Update 9 (JDK 7u9)	url:	http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html	Trust: 0.8
title:	Java SE Development Kit 6, Update 37 (JDK 6u37)	url:	http://www.oracle.com/technetwork/java/javase/6u37-relnotes-1863283.html	Trust: 0.8
title:	cisco-sa-20120620-ac	url:	http://www.cisco.com/cisco/web/support/JP/111/1115/1115492_cisco-sa-20120620-ac-j.html	Trust: 0.8
title:	ActiveX の Kill Bit 更新プログラムのロールアップ (2736233)	url:	http://technet.microsoft.com/ja-jp/security/advisory/2736233	Trust: 0.8

sources: JVNDB: JVNDB-2012-002812

EXTERNAL IDS

db:	NVD	id:	CVE-2012-2495	Trust: 2.8
db:	JVNDB	id:	JVNDB-2012-002812	Trust: 0.8
db:	CNNVD	id:	CNNVD-201206-375	Trust: 0.7
db:	CISCO	id:	20120620 MULTIPLE VULNERABILITIES IN CISCO ANYCONNECT SECURE MOBILITY CLIENT	Trust: 0.6
db:	NSFOCUS	id:	19867	Trust: 0.6
db:	ZDI	id:	ZDI-12-149	Trust: 0.3
db:	BID	id:	54108	Trust: 0.3
db:	VULHUB	id:	VHN-55776	Trust: 0.1

sources: VULHUB: VHN-55776 // BID: 54108 // JVNDB: JVNDB-2012-002812 // CNNVD: CNNVD-201206-375 // NVD: CVE-2012-2495

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20120620-ac	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2495	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2495	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/19867	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://technet.microsoft.com/en-us/security/advisory/2736233	Trust: 0.3
url:	http://www.zerodayinitiative.com/advisories/zdi-12-149/	Trust: 0.3

sources: VULHUB: VHN-55776 // BID: 54108 // JVNDB: JVNDB-2012-002812 // CNNVD: CNNVD-201206-375 // NVD: CVE-2012-2495

CREDITS

gwslabs.com via Zero Day Initiative and Cisco

Trust: 0.3

sources: BID: 54108

SOURCES

db:	VULHUB	id:	VHN-55776
db:	BID	id:	54108
db:	JVNDB	id:	JVNDB-2012-002812
db:	CNNVD	id:	CNNVD-201206-375
db:	NVD	id:	CVE-2012-2495

LAST UPDATE DATE

2024-11-23T22:18:54.567000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-55776	date:	2012-06-21T00:00:00
db:	BID	id:	54108	date:	2015-03-19T08:41:00
db:	JVNDB	id:	JVNDB-2012-002812	date:	2012-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201206-375	date:	2012-06-27T00:00:00
db:	NVD	id:	CVE-2012-2495	date:	2024-11-21T01:39:09.153

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-55776	date:	2012-06-20T00:00:00
db:	BID	id:	54108	date:	2012-06-20T00:00:00
db:	JVNDB	id:	JVNDB-2012-002812	date:	2012-06-22T00:00:00
db:	CNNVD	id:	CNNVD-201206-375	date:	2012-06-21T00:00:00
db:	NVD	id:	CVE-2012-2495	date:	2012-06-20T20:55:02.590