Vulnerability Details CVE-2012-2498
Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.9%
CVSS Severity
CVSS v2 Score 4.0
References
Products affected by CVE-2012-2498
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0629
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.07059
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.08057
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.08066