CVE-2012-2494

medium

Cisco

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

0.2%

Exploitation probability in 30 days

Top 58% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: June 20, 2012 (5075 days ago)

Last Modified: April 29, 2026

Vendor: Cisco

Source: NVD

Description

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681.

CWE

CWE-20

Affected Products

cisco anyconnect secure mobility client

References

🔗 tools.cisco.com 🔗 tools.cisco.com

CVE-2012-2494

Vulnerability Report

Description

CWE

Affected Products

References