Test ID:	1.3.6.1.4.1.25623.1.0.802459
Category:	CISCO
Title:	Cisco Products ActiveX Control Multiple Vulnerabilities
Summary:	Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities.
Description:	Summary: Cisco ASMC/Hostscan/Secure Desktop or Cisco ActiveX controls is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - An insufficient validation of input by the Cisco AnyConnect Secure Mobility Client WebLaunch component - An improper sanitization of user-supplied input by the affected software's download feature Vulnerability Impact: Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Affected Software/OS: Cisco Hostscan version 3.x before 3.0 MR8 Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057) Cisco AnyConnect Secure Mobility Client version 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows Solution: Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062) and Cisco Secure Desktop 3.6.6020 or later. Workaround: Set the killbit for the following CLSIDs: {705ec6d4-b138-4079-a307-ef13e4889a82} {f8fc1530-0608-11df-2008-0800200c9a66} {e34f52fe-7769-46ce-8f8b-5e8abad2e9fc} {55963676-2f5e-4baf-ac28-cf26aa587566} {cc679cb8-dc4b-458b-b817-d447b3b6ac31} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2493 Cisco Security Advisory: 20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac Common Vulnerability Exposure (CVE) ID: CVE-2012-2494 Common Vulnerability Exposure (CVE) ID: CVE-2012-2495
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.