CVE-2012-3094: Infoleak
First published: Sun Sep 16 2012(Updated: )
The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco AnyConnect Secure | =3.1.0 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-3094?
CVE-2012-3094 is classified as a moderate severity vulnerability due to its potential to compromise sensitive information.
How do I fix CVE-2012-3094?
To mitigate CVE-2012-3094, upgrade to Cisco AnyConnect Secure Mobility Client version 3.1.00495 or later on Linux.
What systems are affected by CVE-2012-3094?
CVE-2012-3094 affects Cisco AnyConnect Secure Mobility Client versions prior to 3.1.00495 on Linux.
What type of attack does CVE-2012-3094 enable?
CVE-2012-3094 allows remote attackers to exploit arbitrary X.509 server certificates to obtain sensitive information.
Is user interaction required for CVE-2012-3094 to be exploited?
No, CVE-2012-3094 can be exploited without any user interaction.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco anyconnect secure
- version/cisco anyconnect secure/3.1.0
- vendor/linux
- canonical/linux kernel