Details of VAR-201209-0242

ID

VAR-201209-0242

CVE

CVE-2012-3052

TITLE

Cisco VPN Client Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2012-004399

DESCRIPTION

Untrusted search path vulnerability in Cisco VPN Client 5.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka Bug ID CSCua28747. The problem is Bug ID CSCua28747 It is a problem. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. http://cwe.mitre.org/data/definitions/426.htmlA local user can create a Trojan horse in the current working directory. DLL It may be possible to get permission through the file. Cisco VPN Client is a set of cross-platform VPN client software from Cisco

Trust: 1.8

sources: NVD: CVE-2012-3052 // JVNDB: JVNDB-2012-004399 // VULHUB: VHN-56333 // VULMON: CVE-2012-3052

AFFECTED PRODUCTS

vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0	Trust: 1.8
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.05.0290	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.6	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.04.0300	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.06.0160	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.03.0530	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.07.0410	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.02.0090	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.07.0440	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.03.0560	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.07.0290	Trust: 1.6
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.5	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.7	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.2.0090	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.01.0600	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.01	Trust: 1.0
vendor:	cisco	model:	vpn client	scope:	eq	version:	5.0.2	Trust: 1.0

sources: JVNDB: JVNDB-2012-004399 // CNNVD: CNNVD-201209-349 // NVD: CVE-2012-3052

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3052
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3052
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201209-349
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56333
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2012-3052
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3052
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-56333
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56333 // VULMON: CVE-2012-3052 // JVNDB: JVNDB-2012-004399 // CNNVD: CNNVD-201209-349 // NVD: CVE-2012-3052

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2012-004399 // NVD: CVE-2012-3052

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201209-349

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201209-349

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004399

PATCH

title:

Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.1

url:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html

Trust: 0.8

sources: JVNDB: JVNDB-2012-004399

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3052	Trust: 2.6
db:	JVNDB	id:	JVNDB-2012-004399	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-349	Trust: 0.7
db:	VULHUB	id:	VHN-56333	Trust: 0.1
db:	VULMON	id:	CVE-2012-3052	Trust: 0.1

sources: VULHUB: VHN-56333 // VULMON: CVE-2012-3052 // JVNDB: JVNDB-2012-004399 // CNNVD: CNNVD-201209-349 // NVD: CVE-2012-3052

REFERENCES

url:	http://www.cisco.com/en/us/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3052	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3052	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-56333 // VULMON: CVE-2012-3052 // JVNDB: JVNDB-2012-004399 // CNNVD: CNNVD-201209-349 // NVD: CVE-2012-3052

SOURCES

db:	VULHUB	id:	VHN-56333
db:	VULMON	id:	CVE-2012-3052
db:	JVNDB	id:	JVNDB-2012-004399
db:	CNNVD	id:	CNNVD-201209-349
db:	NVD	id:	CVE-2012-3052

LAST UPDATE DATE

2024-11-23T22:08:42.362000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56333	date:	2012-09-17T00:00:00
db:	VULMON	id:	CVE-2012-3052	date:	2012-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2012-004399	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-349	date:	2012-09-19T00:00:00
db:	NVD	id:	CVE-2012-3052	date:	2024-11-21T01:40:10.280

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56333	date:	2012-09-16T00:00:00
db:	VULMON	id:	CVE-2012-3052	date:	2012-09-16T00:00:00
db:	JVNDB	id:	JVNDB-2012-004399	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-349	date:	2012-09-19T00:00:00
db:	NVD	id:	CVE-2012-3052	date:	2012-09-16T10:34:50.457