CVE-2012-2493

Cisco AnyConnect Secure Mobility Client <3.0 MR8 - RCE

Title source: llm
STIX 2.1

Description

The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 on Windows, and 2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Mac OS X and Linux, does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug ID CSCtw47523.

References (1)

Core 1
Core References

Scores

EPSS 0.0389
EPSS Percentile 89.0%

Details

CWE
CWE-20
Status published
Products (16)
cisco/anyconnect_secure_mobility_client 2.0
cisco/anyconnect_secure_mobility_client 2.1
cisco/anyconnect_secure_mobility_client 2.2
cisco/anyconnect_secure_mobility_client 2.2.128
cisco/anyconnect_secure_mobility_client 2.2.133
cisco/anyconnect_secure_mobility_client 2.2.136
cisco/anyconnect_secure_mobility_client 2.2.140
cisco/anyconnect_secure_mobility_client 2.3
cisco/anyconnect_secure_mobility_client 2.3.185
cisco/anyconnect_secure_mobility_client 2.3.254
... and 6 more
Published Jun 20, 2012
Tracked Since Feb 18, 2026