CVE-2012-2500
medium
Cisco CVSS v3 Base Score
4.0
AV:N/AC:H/Au:N/C:P/I:P/A:N
EPSS Score
0.1%
Exploitation probability in 30 days
Top 67% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
P
Availability
None
Vulnerability Report
Generated by CyberWatcher
Description
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
CWE
CWE-310Affected Products
cisco anyconnect secure mobility client