CVE-2012-4655

The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac	Vendor Advisory
http://secunia.com/advisories/50669
http://www.securityfocus.com/bid/55606
https://exchange.xforce.ibmcloud.com/vulnerabilities/78677

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:secure_desktop:3.4:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1.1.45:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.3002:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.2:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.2008:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.4.2:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.181:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1.1:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.185:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1.1.33:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.3:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.2002:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.4.2048:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.1001:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.841:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.2001:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.2.1:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.1.1.27:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.5.1077:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.5005:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.6.4021:::::::*
	cpe:2.3:a:cisco:secure_desktop:3.4.1:::::::*

Information

Published : 2012-09-24 10:55

Updated : 2017-08-28 18:32

NVD link : CVE-2012-4655

Mitre link : CVE-2012-4655

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

cisco

secure_desktop

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac", "name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://secunia.com/advisories/50669", "name": "50669", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/55606", "name": "55606", "tags": [], "refsource": "BID"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78677", "name": "securedesktop-weblaunch-code-execution(78677)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components, aka Bug IDs CSCtz76128 and CSCtz78204."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-4655", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2012-09-24T17:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1.1.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6.3002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.5.2008:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6.181:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6.185:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1.1.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6.2002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.4.2048:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6.1001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.5.841:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.5.2001:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.1.1.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.5.1077:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6.5005:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.6.4021:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:secure_desktop:3.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:32Z"}

9.3 /10