CISCO : Cisco Products ActiveX Control Multiple Vulnerabilities

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.802459

Kategorie: CISCO

Titel: Cisco Products ActiveX Control Multiple Vulnerabilities

Zusammenfassung: This host is installed with Cisco ASMC/Hostscan/Secure Desktop or; Cisco ActiveX controls and is prone to multiple vulnerabilities.

Beschreibung: Summary:
This host is installed with Cisco ASMC/Hostscan/Secure Desktop or
Cisco ActiveX controls and is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple flaws are due to:

- An insufficient validation of input by the Cisco AnyConnect Secure Mobility
Client WebLaunch component

- An improper sanitization of user-supplied input by the affected software's
download feature

Vulnerability Impact:
Successful exploitation will let the remote attackers execute arbitrary code
and can compromise a vulnerable system.

Affected Software/OS:
Cisco Hostscan version 3.x before 3.0 MR8

Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057)

Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows

Solution:
Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062)
and Cisco Secure Desktop 3.6.6020 or later.

Workaround:

Set the killbit for the following CLSIDs:

{705ec6d4-b138-4079-a307-ef13e4889a82}

{f8fc1530-0608-11df-2008-0800200c9a66}

{e34f52fe-7769-46ce-8f8b-5e8abad2e9fc}

{55963676-2f5e-4baf-ac28-cf26aa587566}

{cc679cb8-dc4b-458b-b817-d447b3b6ac31}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 54107
BugTraq ID: 54108
Common Vulnerability Exposure (CVE) ID: CVE-2012-2493
Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Common Vulnerability Exposure (CVE) ID: CVE-2012-2494
Common Vulnerability Exposure (CVE) ID: CVE-2012-2495

Copyright Copyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.802459
Kategorie:	CISCO
Titel:	Cisco Products ActiveX Control Multiple Vulnerabilities
Zusammenfassung:	This host is installed with Cisco ASMC/Hostscan/Secure Desktop or; Cisco ActiveX controls and is prone to multiple vulnerabilities.
Beschreibung:	Summary: This host is installed with Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An insufficient validation of input by the Cisco AnyConnect Secure Mobility Client WebLaunch component - An improper sanitization of user-supplied input by the affected software's download feature Vulnerability Impact: Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Affected Software/OS: Cisco Hostscan version 3.x before 3.0 MR8 Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057) Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows Solution: Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062) and Cisco Secure Desktop 3.6.6020 or later. Workaround: Set the killbit for the following CLSIDs: {705ec6d4-b138-4079-a307-ef13e4889a82} {f8fc1530-0608-11df-2008-0800200c9a66} {e34f52fe-7769-46ce-8f8b-5e8abad2e9fc} {55963676-2f5e-4baf-ac28-cf26aa587566} {cc679cb8-dc4b-458b-b817-d447b3b6ac31} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 54107 BugTraq ID: 54108 Common Vulnerability Exposure (CVE) ID: CVE-2012-2493 Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Common Vulnerability Exposure (CVE) ID: CVE-2012-2494 Common Vulnerability Exposure (CVE) ID: CVE-2012-2495
Copyright	Copyright (C) 2012 Greenbone Networks GmbH