Cisco AnyConnect Secure Mobility Client 3.0 prior to 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle malicious users to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco anyconnect secure mobility client 3.0.0629 |
||
cisco anyconnect secure mobility client 3.0.07059 |
||
cisco anyconnect secure mobility client 3.0 |