Vulnerability Details CVE-2012-2499
The IPsec implementation in Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz26985.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.6%
CVSS Severity
CVSS v2 Score 5.8
References
Products affected by CVE-2012-2499
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.0629
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.0.07059