Sign-up

ID

VAR-201209-0246


CVE

CVE-2012-3088


TITLE

Cisco AnyConnect Secure Mobility Client Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2012-004402

DESCRIPTION

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166. The problem is Bug ID CSCua13166 It is a problem.A third party can be unintentionally affected through crafted requests. AnyConnect Secure Mobility Client is prone to a remote security vulnerability. Cisco AnyConnect Secure Mobility is a secure enterprise mobility solution. A remote attacker could exploit this vulnerability to have unspecified effects through specially crafted requests

Trust: 1.98

sources: NVD: CVE-2012-3088 // JVNDB: JVNDB-2012-004402 // BID: 78188 // VULHUB: VHN-56369

AFFECTED PRODUCTS

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.2.0

Trust: 1.6

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.0

Trust: 1.6

vendor:ciscomodel:anyconnect secure mobility clientscope:ltversion:3.1.x

Trust: 0.8

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1.00495

Trust: 0.8

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.2.x

Trust: 0.8

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.2

Trust: 0.3

vendor:ciscomodel:anyconnect secure mobility clientscope:eqversion:3.1

Trust: 0.3

sources: BID: 78188 // JVNDB: JVNDB-2012-004402 // CNNVD: CNNVD-201209-352 // NVD: CVE-2012-3088

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3088
value: HIGH

Trust: 1.0

NVD: CVE-2012-3088
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201209-352
value: CRITICAL

Trust: 0.6

VULHUB: VHN-56369
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-3088
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-56369
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-56369 // JVNDB: JVNDB-2012-004402 // CNNVD: CNNVD-201209-352 // NVD: CVE-2012-3088

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3088

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-352

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-352

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-004402

PATCH
title:Release Notes for Cisco AnyConnect Secure Mobility Client, Release 3.1url:http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-004402

EXTERNAL IDS
db:NVDid:CVE-2012-3088
Trust: 2.8
db:JVNDBid:JVNDB-2012-004402
Trust: 0.8
db:CNNVDid:CNNVD-201209-352
Trust: 0.7
db:BIDid:78188
Trust: 0.4
db:XFid:78920
Trust: 0.3
db:VULHUBid:VHN-56369
Trust: 0.1
sources:
            
            
            VULHUB: VHN-56369 // 
            
            
            
            BID: 78188 // 
            
            
            
            JVNDB: JVNDB-2012-004402 // 
            
            
            
            CNNVD: CNNVD-201209-352 // 
            
            
            
            NVD: CVE-2012-3088

REFERENCES
url:http://www.cisco.com/en/us/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
Trust: 2.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/78920
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3088
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3088
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/78920
Trust: 0.3
sources:
            
            
            VULHUB: VHN-56369 // 
            
            
            
            BID: 78188 // 
            
            
            
            JVNDB: JVNDB-2012-004402 // 
            
            
            
            CNNVD: CNNVD-201209-352 // 
            
            
            
            NVD: CVE-2012-3088

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78188

SOURCES
db:VULHUBid:VHN-56369
db:BIDid:78188
db:JVNDBid:JVNDB-2012-004402
db:CNNVDid:CNNVD-201209-352
db:NVDid:CVE-2012-3088

LAST UPDATE DATE
2024-11-23T21:46:02.419000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-56369date:2017-08-29T00:00:00
db:BIDid:78188date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004402date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-352date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3088date:2024-11-21T01:40:12.127

SOURCES RELEASE DATE
db:VULHUBid:VHN-56369date:2012-09-16T00:00:00
db:BIDid:78188date:2012-09-16T00:00:00
db:JVNDBid:JVNDB-2012-004402date:2012-09-18T00:00:00
db:CNNVDid:CNNVD-201209-352date:2012-09-19T00:00:00
db:NVDid:CVE-2012-3088date:2012-09-16T10:34:50.580