Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.802774
Category:General
Title:Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
Summary:This host is installed with Cisco Adaptive Security Appliance and; is prone to ActiveX control remote code execution vulnerability.
Description:Summary:
This host is installed with Cisco Adaptive Security Appliance and
is prone to ActiveX control remote code execution vulnerability.

Vulnerability Insight:
The flaw is due to Cisco Adaptive Security Appliances (Cisco ASA),
uses an ActiveX control on client systems to perform port forwarding
operations. Microsoft ActiveX technology may be affected if the system has
ever connected to a device that is running the Cisco Clientless VPN solution.

Vulnerability Impact:
Successful exploitation will let the attacker execute arbitrary codes on the
affected machine.

Affected Software/OS:
- Microsoft Windows 7 Service Pack 1 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

- Microsoft Windows XP Service Pack 2 and prior for x64-based Systems

- Microsoft Windows Server 2008 R2 Service Pack 1 and prior for x64-based Systems

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-0358
CERT/CC vulnerability note: VU#339177
http://www.kb.cert.org/vuls/id/339177
Cisco Security Advisory: 20120314 Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient
http://www.securitytracker.com/id?1026799
XForce ISS Database: cisco-asa-activex-bo(74027)
https://exchange.xforce.ibmcloud.com/vulnerabilities/74027
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.