CyberSec.Space Logo
Back to CVE Browser

CVE-2012-3088

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile13.63th
PublishedSep 16, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.

Affected Platforms (CPE)

πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 3.1.0
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 3.2.0

References & Advisories

πŸ”— http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/78920
πŸ”— http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/78920

Related Vulnerabilities

CVE-2012-24939.3

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Window...

CVE-2011-20409.3

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x befo...

CVE-2021-13667.8

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow...

CVE-2020-34337.8

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow...