CVE-2012-2498

Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ensure that authentication makes use of a legitimate certificate, which allows user-assisted man-in-the-middle attackers to spoof servers via a crafted certificate, aka Bug ID CSCtz29197.

Severity	MEDIUM
CVSS	4.0
CWE	CWE-287
KEV
Published	13 years ago
Modified	2 weeks ago

Related Products

Product	Advisory
Cisco Secure Client	Cisco-SA-20120809-CVE-2012-2498
Cisco AnyConnect Secure Mobility Client	Cisco-SA-20120809-CVE-2012-2498