CVE-2012-2499
medium
Cisco CVSS v3 Base Score
5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 67% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
CWE
CWE-310Affected Products
cisco anyconnect secure mobility client