CISCO : Cisco Products ActiveX Control Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802459

Categoría: CISCO

Título: Cisco Products ActiveX Control Multiple Vulnerabilities

Resumen: Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities.

Descripción: Summary:
Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An insufficient validation of input by the Cisco AnyConnect Secure Mobility
Client WebLaunch component

- An improper sanitization of user-supplied input by the affected software's
download feature

Vulnerability Impact:
Successful exploitation will let the remote attackers execute arbitrary code
and can compromise a vulnerable system.

Affected Software/OS:
Cisco Hostscan version 3.x before 3.0 MR8

Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057)

Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows

Solution:
Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062)
and Cisco Secure Desktop 3.6.6020 or later.

Workaround:

Set the killbit for the following CLSIDs:

{705ec6d4-b138-4079-a307-ef13e4889a82}

{f8fc1530-0608-11df-2008-0800200c9a66}

{e34f52fe-7769-46ce-8f8b-5e8abad2e9fc}

{55963676-2f5e-4baf-ac28-cf26aa587566}

{cc679cb8-dc4b-458b-b817-d447b3b6ac31}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-2493
Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Common Vulnerability Exposure (CVE) ID: CVE-2012-2494
Common Vulnerability Exposure (CVE) ID: CVE-2012-2495

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802459
Categoría:	CISCO
Título:	Cisco Products ActiveX Control Multiple Vulnerabilities
Resumen:	Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities.
Descripción:	Summary: Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An insufficient validation of input by the Cisco AnyConnect Secure Mobility Client WebLaunch component - An improper sanitization of user-supplied input by the affected software's download feature Vulnerability Impact: Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Affected Software/OS: Cisco Hostscan version 3.x before 3.0 MR8 Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057) Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows Solution: Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062) and Cisco Secure Desktop 3.6.6020 or later. Workaround: Set the killbit for the following CLSIDs: {705ec6d4-b138-4079-a307-ef13e4889a82} {f8fc1530-0608-11df-2008-0800200c9a66} {e34f52fe-7769-46ce-8f8b-5e8abad2e9fc} {55963676-2f5e-4baf-ac28-cf26aa587566} {cc679cb8-dc4b-458b-b817-d447b3b6ac31} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2493 Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Common Vulnerability Exposure (CVE) ID: CVE-2012-2494 Common Vulnerability Exposure (CVE) ID: CVE-2012-2495
Copyright	Copyright (C) 2012 Greenbone AG