Published: 24/09/2012 Updated: 29/08/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

The WebLaunch feature in Cisco Secure Desktop prior to 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote malicious users to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco secure desktop 3.4
cisco secure desktop 3.1.1.45
cisco secure desktop 3.6.3002
cisco secure desktop 3.2
cisco secure desktop 3.6
cisco secure desktop 3.5.2008
cisco secure desktop 3.4.2
cisco secure desktop 3.6.181
cisco secure desktop 3.1.1
cisco secure desktop 3.6.185
cisco secure desktop 3.1
cisco secure desktop 3.5.841
cisco secure desktop 3.4.2048
cisco secure desktop 3.4.1
cisco secure desktop 3.2.1
cisco secure desktop 3.5
cisco secure desktop 3.6.4021
cisco secure desktop 3.1.1.27
cisco secure desktop 3.1.1.33
cisco secure desktop 3.6.1001
cisco secure desktop 3.3
cisco secure desktop 3.6.2002
cisco secure desktop 3.6.5005
cisco secure desktop 3.5.2001
cisco secure desktop 3.5.1077

The Cisco AnyConnect Secure Mobility Client is affected by the following vulnerabilities: Cisco AnyConnect Secure Mobility Client VPN Downloader Arbitrary Code Execution Vulnerability Cisco AnyConnect Secure Mobility Client VPN Downloader Software Downgrade Vulnerability Cisco AnyConnect Secure Mobility Client and Cisco Secure Deskto ...

CWE-20 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac http://secunia.com/advisories/50669 http://www.securityfocus.com/bid/55606 https://exchange.xforce.ibmcloud.com/vulnerabilities/78677 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

CVE-2012-4655

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect