CVE-2012-2495

The HostScan downloader implementation in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR8 and Cisco Secure Desktop before 3.6.6020 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtx74235.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-20
KEV
Published	13 years ago
Modified	2 weeks ago

Related Products

Product	Advisory
Cisco Secure Desktop	Cisco-SA-20120620-CVE-2012-2495
Cisco Secure Client	Cisco-SA-20120620-CVE-2012-2495
Cisco AnyConnect Secure Mobility Client	Cisco-SA-20120620-CVE-2012-2495
Cisco Secure Desktop	cisco-sa-20120620-ac
Cisco Secure Client	cisco-sa-20120620-ac
Cisco AnyConnect Secure Mobility Client	cisco-sa-20120620-ac