Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Cisco AnyConnect Secure Mobility Client
дополнено с 25 июня 2012 г.
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12440
Тип:m-i-t-m
Уровень опасности:
5/10
Описание:Выполнение кода, обход защиты.
Затронутые продукты:CISCO : AnyConnect Secure Mobility 3.0
CVE:CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.)
 CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict use of Java components, which allows remote attackers to execute arbitrary code via a crafted web site, aka Bug ID CSCty45925.)
 CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.)
 CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.)
 CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.)
Оригинальный текстdocumentZDI, ZDI-12-149 : Cisco AnyConnect VPN Client Verification Bypass Remote Code Execution Vulnerability (27.08.2012)
 documentZDI, ZDI-12-156 : Cisco AnyConnect VPN Client Arbitrary Program Instantiation Remote Code Execution Vulnerability (26.08.2012)
 documentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client (25.06.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород