CISCO : Cisco Products ActiveX Control Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.802459

Categoría: CISCO

Título: Cisco Products ActiveX Control Multiple Vulnerabilities

Resumen: This host is installed with Cisco ASMC/Hostscan/Secure Desktop or; Cisco ActiveX controls and is prone to multiple vulnerabilities.

Descripción: Summary:
This host is installed with Cisco ASMC/Hostscan/Secure Desktop or
Cisco ActiveX controls and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An insufficient validation of input by the Cisco AnyConnect Secure Mobility
Client WebLaunch component

- An improper sanitization of user-supplied input by the affected software's
download feature

Vulnerability Impact:
Successful exploitation will let the remote attackers execute arbitrary code
and can compromise a vulnerable system.

Affected Software/OS:
Cisco Hostscan version 3.x before 3.0 MR8

Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057)

Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows

Solution:
Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062)
and Cisco Secure Desktop 3.6.6020 or later.

Workaround:

Set the killbit for the following CLSIDs:

{705ec6d4-b138-4079-a307-ef13e4889a82}

{f8fc1530-0608-11df-2008-0800200c9a66}

{e34f52fe-7769-46ce-8f8b-5e8abad2e9fc}

{55963676-2f5e-4baf-ac28-cf26aa587566}

{cc679cb8-dc4b-458b-b817-d447b3b6ac31}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 54107
BugTraq ID: 54108
Common Vulnerability Exposure (CVE) ID: CVE-2012-2493
Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Common Vulnerability Exposure (CVE) ID: CVE-2012-2494
Common Vulnerability Exposure (CVE) ID: CVE-2012-2495

Copyright Copyright (C) 2012 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.802459
Categoría:	CISCO
Título:	Cisco Products ActiveX Control Multiple Vulnerabilities
Resumen:	This host is installed with Cisco ASMC/Hostscan/Secure Desktop or; Cisco ActiveX controls and is prone to multiple vulnerabilities.
Descripción:	Summary: This host is installed with Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An insufficient validation of input by the Cisco AnyConnect Secure Mobility Client WebLaunch component - An improper sanitization of user-supplied input by the affected software's download feature Vulnerability Impact: Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Affected Software/OS: Cisco Hostscan version 3.x before 3.0 MR8 Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057) Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows Solution: Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062) and Cisco Secure Desktop 3.6.6020 or later. Workaround: Set the killbit for the following CLSIDs: {705ec6d4-b138-4079-a307-ef13e4889a82} {f8fc1530-0608-11df-2008-0800200c9a66} {e34f52fe-7769-46ce-8f8b-5e8abad2e9fc} {55963676-2f5e-4baf-ac28-cf26aa587566} {cc679cb8-dc4b-458b-b817-d447b3b6ac31} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 54107 BugTraq ID: 54108 Common Vulnerability Exposure (CVE) ID: CVE-2012-2493 Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Common Vulnerability Exposure (CVE) ID: CVE-2012-2494 Common Vulnerability Exposure (CVE) ID: CVE-2012-2495
Copyright	Copyright (C) 2012 Greenbone Networks GmbH