Vulnerability Details CVE-2012-3088
Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.2%
CVSS Severity
CVSS v2 Score 9.3
References
- http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78920
- http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78920
Products affected by CVE-2012-3088
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.1.0
-
cpe:2.3:a:cisco:anyconnect_secure_mobility_client:3.2.0