CyberSec.Space Logo
Back to CVE Browser

CVE-2012-2493

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile25.94th
PublishedJun 20, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

Affected Platforms (CPE)

πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.0
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.1
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.128
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.133
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.136
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.2.140
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3.185
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3.254
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.3.2016
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.4
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.4.0202
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.4.1012
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 2.5
πŸ“¦
Cisco

Anyconnect Secure Mobility Client

= 3.0

References & Advisories

πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac

Related Vulnerabilities

CVE-2012-30889.3

Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally conta...

CVE-2011-20409.3

The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x befo...

CVE-2021-13667.8

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow...

CVE-2020-34337.8

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow...