ID

VAR-201209-0229


CVE

CVE-2012-3094


TITLE

Linux upper Cisco AnyConnect Secure Mobility Client Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-004403

DESCRIPTION

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. X.509 A vulnerability exists in which important information is obtained because the server certificate is approved. The problem is Bug ID CSCua11967 It is a problem.Important information may be obtained by a third party. AnyConnect Secure Mobility Client is prone to a information disclosure vulnerability. Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. A remote attacker could exploit this vulnerability to obtain sensitive information through vectors containing invalid certificates

Trust: 1.98

sources: NVD: CVE-2012-3094 // JVNDB: JVNDB-2012-004403 // BID: 78184 // VULHUB: VHN-56375

AFFECTED PRODUCTS

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.0

Trust: 1.6

vendor:ciscomodel:anyconnect secure mobility clientscope:ltversion:3.1.x

Trust: 0.8

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.00495

Trust: 0.8

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1

Trust: 0.3

sources: BID: 78184 // JVNDB: JVNDB-2012-004403 // CNNVD: CNNVD-201209-353 // NVD: CVE-2012-3094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3094
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3094
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-353
value: MEDIUM

Trust: 0.6

VULHUB: VHN-56375
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3094
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56375
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56375 // JVNDB: JVNDB-2012-004403 // CNNVD: CNNVD-201209-353 // NVD: CVE-2012-3094

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-56375 // JVNDB: JVNDB-2012-004403 // NVD: CVE-2012-3094

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-353

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201209-353

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004403

PATCH

title:Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.1url:http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-004403

EXTERNAL IDS

db:NVDid:CVE-2012-3094

Trust: 2.8

db:JVNDBid:JVNDB-2012-004403

Trust: 0.8

db:CNNVDid:CNNVD-201209-353

Trust: 0.7

db:BIDid:78184

Trust: 0.4

db:XFid:78916

Trust: 0.3

db:VULHUBid:VHN-56375

Trust: 0.1

sources: VULHUB: VHN-56375 // BID: 78184 // JVNDB: JVNDB-2012-004403 // CNNVD: CNNVD-201209-353 // NVD: CVE-2012-3094

REFERENCES

url:http://www.cisco.com/en/us/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/78916

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3094

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3094

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/78916

Trust: 0.3

sources: VULHUB: VHN-56375 // BID: 78184 // JVNDB: JVNDB-2012-004403 // CNNVD: CNNVD-201209-353 // NVD: CVE-2012-3094

CREDITS

Unknown

Trust: 0.3

sources: BID: 78184

SOURCES

db:VULHUBid:VHN-56375
db:BIDid:78184
db:JVNDBid:JVNDB-2012-004403
db:CNNVDid:CNNVD-201209-353
db:NVDid:CVE-2012-3094

LAST UPDATE DATE

2024-11-23T22:18:52.595000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-56375date:2017-08-29T00:00:00
db:BIDid:78184date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004403date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-353date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3094date:2024-11-21T01:40:12.240

SOURCES RELEASE DATE

db:VULHUBid:VHN-56375date:2012-09-16T00:00:00
db:BIDid:78184date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004403date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-353date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3094date:2012-09-16T10:34:50.627