Cisco AnyConnect Secure Mobility Client 3.0 up to and including 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle malicious users to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco anyconnect secure mobility client 3.0.0629 |
||
cisco anyconnect secure mobility client 3.0.08057 |
||
cisco anyconnect secure mobility client 3.0.08066 |
||
cisco anyconnect secure mobility client 3.0 |
||
cisco anyconnect secure mobility client 3.0.07059 |