Sign-up

ID

VAR-201209-0229


CVE

CVE-2012-3094


TITLE

Linux upper Cisco AnyConnect Secure Mobility Client Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2012-004403

DESCRIPTION

The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967. X.509 A vulnerability exists in which important information is obtained because the server certificate is approved. The problem is Bug ID CSCua11967 It is a problem.Important information may be obtained by a third party. AnyConnect Secure Mobility Client is prone to a information disclosure vulnerability. Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. A remote attacker could exploit this vulnerability to obtain sensitive information through vectors containing invalid certificates

Trust: 1.98

sources: NVD: CVE-2012-3094 // JVNDB: JVNDB-2012-004403 // BID: 78184 // VULHUB: VHN-56375

AFFECTED PRODUCTS

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.0

Trust: 1.6

vendor:ciscomodel:anyconnect secure mobility clientscope:ltversion:3.1.x

Trust: 0.8

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.00495

Trust: 0.8

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1

Trust: 0.3

sources: BID: 78184 // JVNDB: JVNDB-2012-004403 // CNNVD: CNNVD-201209-353 // NVD: CVE-2012-3094

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3094
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3094
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-353
value: MEDIUM

Trust: 0.6

VULHUB: VHN-56375
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3094
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56375
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56375 // JVNDB: JVNDB-2012-004403 // CNNVD: CNNVD-201209-353 // NVD: CVE-2012-3094

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-56375 // JVNDB: JVNDB-2012-004403 // NVD: CVE-2012-3094

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-353

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201209-353

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004403

PATCH
title:Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.1url:http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-004403

EXTERNAL IDS
db:NVDid:CVE-2012-3094
Trust: 2.8
db:JVNDBid:JVNDB-2012-004403
Trust: 0.8
db:CNNVDid:CNNVD-201209-353
Trust: 0.7
db:BIDid:78184
Trust: 0.4
db:XFid:78916
Trust: 0.3
db:VULHUBid:VHN-56375
Trust: 0.1
sources:
            
            
            VULHUB: VHN-56375 // 
            
            
            
            BID: 78184 // 
            
            
            
            JVNDB: JVNDB-2012-004403 // 
            
            
            
            CNNVD: CNNVD-201209-353 // 
            
            
            
            NVD: CVE-2012-3094

REFERENCES
url:http://www.cisco.com/en/us/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
Trust: 2.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/78916
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3094
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3094
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/78916
Trust: 0.3
sources:
            
            
            VULHUB: VHN-56375 // 
            
            
            
            BID: 78184 // 
            
            
            
            JVNDB: JVNDB-2012-004403 // 
            
            
            
            CNNVD: CNNVD-201209-353 // 
            
            
            
            NVD: CVE-2012-3094

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78184

SOURCES
db:VULHUBid:VHN-56375
db:BIDid:78184
db:JVNDBid:JVNDB-2012-004403
db:CNNVDid:CNNVD-201209-353
db:NVDid:CVE-2012-3094

LAST UPDATE DATE
2024-11-23T22:18:52.595000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-56375date:2017-08-29T00:00:00
db:BIDid:78184date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004403date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-353date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3094date:2024-11-21T01:40:12.240

SOURCES RELEASE DATE
db:VULHUBid:VHN-56375date:2012-09-16T00:00:00
db:BIDid:78184date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004403date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-353date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3094date:2012-09-16T10:34:50.627