CVE-2012-2500 - CERT CVE
ID CVE-2012-2500
Sažetak Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
Reference
CVSS
Base: 4.0
Impact: 4.9
Exploitability:4.9
Pristup
VektorSloženostAutentikacija
NETWORK HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL NONE
CVSS vektor AV:N/AC:H/Au:N/C:P/I:P/A:N
Zadnje važnije ažuriranje 07-08-2012 - 04:00
Objavljeno 06-08-2012 - 17:55