CVE-2012-2495

medium

Cisco

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

0.2%

Exploitation probability in 30 days

Top 56% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: June 20, 2012 (5075 days ago)

Last Modified: April 29, 2026

Vendor: Cisco

Source: NVD

Description

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.

CWE

CWE-20

Affected Products

cisco anyconnect secure mobility clientcisco secure desktop

References

🔗 tools.cisco.com 🔗 tools.cisco.com

CVE-2012-2495

Vulnerability Report

Description

CWE

Affected Products

References