First published: Mon Aug 06 2012(Updated: )
Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not verify the certificate name in an X.509 certificate during WebLaunch of IPsec, which allows man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29470.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Anyconnect Secure Mobility Client | =3.0 | |
Cisco Anyconnect Secure Mobility Client | =3.0.0629 | |
Cisco Anyconnect Secure Mobility Client | =3.0.07059 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.